Analysis Overview
SHA256
757e139e9d70d76499da424b9a2897ac4d4159b1cdf51a93ffaf1c21c015e3b5
Threat Level: Known bad
The file 2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (81) files with added filename extension
Reads user/profile data of web browsers
Executes dropped EXE
Deletes itself
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 17:59
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 17:59
Reported
2024-10-16 18:01
Platform
win7-20240903-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe | N/A |
| N/A | N/A | C:\ProgramData\rOIMsQgs\zWIMoMgY.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZwQoIEww.exe = "C:\\Users\\Admin\\zEQwwUAo\\ZwQoIEww.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zWIMoMgY.exe = "C:\\ProgramData\\rOIMsQgs\\zWIMoMgY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\ZwQoIEww.exe = "C:\\Users\\Admin\\zEQwwUAo\\ZwQoIEww.exe" | C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\zWIMoMgY.exe = "C:\\ProgramData\\rOIMsQgs\\zWIMoMgY.exe" | C:\ProgramData\rOIMsQgs\zWIMoMgY.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe"
C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe
"C:\Users\Admin\zEQwwUAo\ZwQoIEww.exe"
C:\ProgramData\rOIMsQgs\zWIMoMgY.exe
"C:\ProgramData\rOIMsQgs\zWIMoMgY.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jAwEgoos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HMkUkEII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DoAsIMQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIIoEwUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qukgMMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SAIIIkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YwYEYQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WoAYksgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zMgkooEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pawEMAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCIAooAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuooEkUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kaYkYMIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GeYwQEIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eegcsYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gUQgsAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fmkAQsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FssQAIgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hQYYwkAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zqMgksUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQMEcwAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIEgwwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\guowMUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mUgAwUME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EUQsAEUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VQYIYwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkoIkAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lsokcUQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TugAsEUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lUgwQEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKIcEcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECQQogYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ogcIIEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGQIwYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vaEcEsEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-25389591-166182101-5888521595140365781026546650-927464099-1448805281-270091332"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYskQwgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PqogAwkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-776986413-1901274731-11102913172031443685-50571116221298935016249431-1235074484"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VMooMkgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCYIMgEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1101437673663777712-2112038438-124134391780435557-405375235867139969577315229"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wwEEMoQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gkcsAkEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ROYQscsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZWwcEMYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HkUcMMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZqgsIIgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMEQsAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ICccYYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmsQQQEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWgsYMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\reQIIoQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HaYcgYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\loYgkkAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nOwQMYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GUggYEgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IcwMQIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GSwIIEIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCoQoMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAcgkMkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jsAMIEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nGMQMYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rSQwosMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pKIIYMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dikUUgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QgQsIUgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AysEccIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EQMkkwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIcQssYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DkwoMAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\viEwsgUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tQUEEoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VWEQcQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qWMwwUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WOQcwEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/756-0-0x0000000000400000-0x000000000041F000-memory.dmp
memory/756-5-0x0000000000320000-0x000000000033D000-memory.dmp
\Users\Admin\zEQwwUAo\ZwQoIEww.exe
| MD5 | a3afc9558abd0380b405dee9fb543133 |
| SHA1 | adee788b2bd7f626a50549160781f3868ef973a0 |
| SHA256 | e27e4c34725a09b65a739757b069fab923fdd019eba30262a64bdfe25b1629cb |
| SHA512 | 6d454a5498878d2d5b3bf02b382445bd8865ca25be54d35664e660997306907553aa9311efd33b88f871772b73dccb6815fa673f23fe8ef20878c56aa6cb5f2f |
\ProgramData\rOIMsQgs\zWIMoMgY.exe
| MD5 | 9f5f375b1bc0045f26d2471dcaa20b03 |
| SHA1 | f0905a01a6355544b6500a33d87555e0cc61f3e9 |
| SHA256 | 49cd296ed30914edd7dce32ca30016f8df4168a8d390d4c936ae61f6e71ca331 |
| SHA512 | 7a9d2e54308ff7452ce05bce56ab4e4ccb6e7a32a155cad1ffcdd82da8fed8d88d7380df675a705d7947f9baa15a91abf154a15ddda7ff892cb2ce8dca179496 |
memory/3036-29-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JYsIwAgo.bat
| MD5 | d88e2857857d0d1ea3a5deaaf970bfb6 |
| SHA1 | 2def6871e3593b2fbf0eadf98e9f2d27b3feda94 |
| SHA256 | 749699756be6d64aee846d55b3c7b5798d41262044e728904574ca5ba5353ecb |
| SHA512 | ffbc3eb838d925d906a9040b6bb3e1f0497e40efe745c641df65fe04b9fbb4059569cf94c74ec1a12d8323e5d4cf5bd4f85f3cf7164cdcf8bb3bc69ee583399c |
memory/756-28-0x0000000000320000-0x000000000033D000-memory.dmp
memory/2552-30-0x0000000000420000-0x000000000043F000-memory.dmp
memory/2552-31-0x0000000000420000-0x000000000043F000-memory.dmp
memory/2668-32-0x0000000000400000-0x000000000041F000-memory.dmp
memory/756-41-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jAwEgoos.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
| MD5 | 88fdf033287a0bbe808f238d33ee612f |
| SHA1 | 83707d74209a0bb1db0c4f1f195386e1893a94aa |
| SHA256 | e2db76506487923da33011355eae311c48edd74fcf1347cd968266de86ad9e1c |
| SHA512 | 95e192483a9279b0a92d0aa00e742c0d48d5d621ad63fb6e7c107c189f43d29c4d7713e98c237a782e595a0db662d42c9315c69452a3482c50e62300a2448f93 |
C:\Users\Admin\AppData\Local\Temp\ZOYUwkAU.bat
| MD5 | 31019a91b34a9a90d11b7c302e026041 |
| SHA1 | 812891f675adc21640bb65f8650c051db25cbfd3 |
| SHA256 | c715a7349931da2e9fa17ac0c598b7975cb28fa2ffbbb4bc2e5cc0cd6133fab0 |
| SHA512 | 03d400e136f75b6c9edfd9a89e348270bd7cbcf76ba2068edb12d384c315462668a01b11f53825558a0b78f8dcecb5423a803b341b14d38436dad244600e83d9 |
memory/2488-54-0x00000000004F0000-0x000000000050F000-memory.dmp
memory/2440-55-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2668-64-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tAEogsAA.bat
| MD5 | 1cba759d62b6c300f0cb2c2903cf3b70 |
| SHA1 | 4e6a6a168fb0d3c08d8a646d5082bb1c68692082 |
| SHA256 | c5c939ac89daff09c4dae74452cc644e13c5b5439025c0ef4f1f163e0722973d |
| SHA512 | bfee182f11f5f0c5054be6f617fe2bf287fbcd6be830ae24c08072fdf87bf702ecf0f802e6c516b5bbccfcbe2ee3724dffb42bc36e27b0c6bbc9a2ddd566b4e9 |
memory/2440-85-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QmoUMksE.bat
| MD5 | 248c813b85199a38103eef7750823206 |
| SHA1 | e0c9d4d321ea450d9c9c04d1ee55d428846e6000 |
| SHA256 | d77f71bb00055a413e0fb2728583c7e89e2172cc07f97629f3c82620f3e6861b |
| SHA512 | 7fa50837162a47183287d98d7758dbed3e9ff505883e5046c6a5c15f9d03763a4f035b8022b75f95e360fe17e7ec164d771ce87f6aa995871f52620f15ec9fdf |
memory/1624-106-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\omgkMccA.bat
| MD5 | 3b2483a35fc831de4e73023a8546be6a |
| SHA1 | 1ad16a9b72eb655f66a5f6cc201025d4a9de88e6 |
| SHA256 | 54c5660704ebdbb228db8a4d7bf3c11f18e85031706329582002ab8a42b124d3 |
| SHA512 | fcc5893d98f84ed14eebd3ed48f0b7cd0eb0c4dd04910a9072c30cd32bcf7e0cd5644d0c1469dbca5fee5beb61b35a0e2d2b6c3847060007fdc7437fdfbd96c6 |
memory/1928-119-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1928-120-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1768-129-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QMAkkYow.bat
| MD5 | cebbcff5ad2f9a73df7ee41c19d52db7 |
| SHA1 | c5a891e486f4d9657095ec948dfc2721cd2018f6 |
| SHA256 | 262f5efcaa74b569b75ad027bb8935109b5e197f6825eb74c57594dcf53790a4 |
| SHA512 | 83256778e5be68181e72c23d3293592523d6f1b9b43708800674f636a8f36c21c5203ff4a27193f0445cc54428371e262c91cd76181d46d28ff90f36116e81df |
memory/352-142-0x00000000001A0000-0x00000000001BF000-memory.dmp
memory/2156-143-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1348-152-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QWAMsIAs.bat
| MD5 | f1ddd0326db5b08cbf5ddf5368477684 |
| SHA1 | 6d8c3e7c21c088b68af5263d5bfe89ad7048edf9 |
| SHA256 | 4dfd8ba36f88fbded43bae5e6c118ddc8874a883cbba864ead2003ddb1bdaaf2 |
| SHA512 | ae6c696e724caff48b9c6bda5f8e52adb58c2c1262a60321582ef9f6068f47eeb51c9211011108880d45561e5721a4b365625ad4f0c4b5b87956cdc5f08c3923 |
memory/2584-165-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2328-166-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2156-175-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMAUgMgM.bat
| MD5 | b9a74db8bb5c2b7d3d6073050fb6b0f2 |
| SHA1 | da42d14a94cc24b6b289aed52f25e1b59001558d |
| SHA256 | 466988cb1b10019573606a53451a16b36d7a6066ac51d262d1fea02a6f056f4a |
| SHA512 | fc79aa89405a0bce56d7940eb5d0b57e1c1cf892d162d973be9e643fcd2602b9c5f045e4e3dbdfcdf80e6187c8f6616844965c31a8aca8bbd1dda8063e7c4988 |
memory/2972-188-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2328-197-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nWokgwQw.bat
| MD5 | 75b6f3a468a6e08c7cea21357d124929 |
| SHA1 | f4ff01e5adf089f64dd4456838eff449299ba47c |
| SHA256 | b5a53d4d942f72f4e79620f3710773af568c64340bae1db5209889bb1ecd2e53 |
| SHA512 | c7a75f81a40324cc9382f45315cd8175b0131ac7020642051c44e0f9aed9f3474dea7959c3ca8d36753d6b712ab5cd1322b4686caf065d9e2bea3f73992401f8 |
memory/1716-210-0x0000000000170000-0x000000000018F000-memory.dmp
memory/1716-211-0x0000000000170000-0x000000000018F000-memory.dmp
memory/1276-212-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1920-221-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZGMUYMwM.bat
| MD5 | 44668c563ce751f787f84d4457cc7d63 |
| SHA1 | 68fc0c31e71fb7822932e4b0c960af914b39134c |
| SHA256 | 5baddde947679fa637ddba2ae635d51406420f0ea81f173dde476672f4420d6d |
| SHA512 | 1aba4ff3b18f9b67c6f49b4c6714bca16772a408532882d2c189c754e44129c9d72da6daf1a6f926c7e604ab14e6aaf6c1f9a0b3d2febf9720787a5870b36338 |
memory/1732-235-0x0000000000400000-0x000000000041F000-memory.dmp
memory/988-234-0x0000000000170000-0x000000000018F000-memory.dmp
memory/1276-244-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tykQcIsg.bat
| MD5 | 6da2f5ea54d635f2d248bec0a536c9f2 |
| SHA1 | 4a223730c3ee39e20ccd771e7475dbecf4d918d9 |
| SHA256 | d0c5f7f1cea1d41e767950a7e50d0016ff43b8577a09982217d2cb2b648344ce |
| SHA512 | be5c0dd21d262f7faee1a18ff5bad35e61cfe965a46b536f4f6b2689d90c7a6bf385ce861049ac4cce552c88128916554fbe55b84c869544054b5835ac30f764 |
memory/1732-265-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DIwYEoEg.bat
| MD5 | 82caad3672a4657fb62821d54ed32844 |
| SHA1 | a9a1f6dabdcb2e0a36518b1533e833dd6aea08fa |
| SHA256 | c5e26928988ba1665e0edcbf11d3b3f71380d6c8c52ea8c05c89f27e731e6e5b |
| SHA512 | 3d4cfa903f41c26abae0c17afec7284c13669bddf83f7e76fc8f20b56f3748a38e64abdfc384b820998378c03e8c6aeee99aa4ad6e9d0738eebad74378572d26 |
memory/1484-278-0x0000000000170000-0x000000000018F000-memory.dmp
memory/448-287-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cMYcsMcg.bat
| MD5 | 7ecb4b071577c0cd0e1de55c93887ad4 |
| SHA1 | 1955c80738c31dec9c97b8af6660241b5566cd79 |
| SHA256 | 562675749bf6560a79540f4dc9a40dd83b8c137339b9da7a99875077b0cc1b3b |
| SHA512 | ba5ddf11c59c179550a5f57834e783203588bf0e1c8c2b455a6c8ddd72d4e612ed4576b7b4a575555de59b3eda281ec929c81b1afaab37a7ec0057843031854b |
memory/1616-301-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/1616-300-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/1460-310-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SGskMQoo.bat
| MD5 | 13e5025cb202836179508262cf5d1c3b |
| SHA1 | 0097bac912d384b399f49ca9f59336db609c296f |
| SHA256 | a23fbb7da133c7941ffc7fd99c22a7a48dd14af9e896e487c91d92b785bf1b08 |
| SHA512 | 2d08f9479a938ed85bb848ee4737fa89cf1c4cc7fbe0e288ced4dc56f5b8c9a23f251e795d2aac59f0410eacb4ab721be189b54ee0c5d396d61d8592bbc7c19f |
memory/2344-323-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/608-324-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2704-333-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YKUggAIM.bat
| MD5 | ef6c0477492db920c8c8f37a1660ac4f |
| SHA1 | 7378d44ac4473fbca117a3a84003b4b99e19dde7 |
| SHA256 | 0115b4161d760be5fe8af52e7c9df170b3a99630b46eae9b2ec08a9d0f9381ba |
| SHA512 | 70d8884cd585866548ebf4d9653274a090ac1cf8a69c26a73e037ab86b55490bfcf7fb3ade94af1e2337fea8236656e6b71b5294323fb847dbbd721aac7e4e03 |
memory/2244-346-0x00000000001A0000-0x00000000001BF000-memory.dmp
memory/608-355-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WCQoQYcA.bat
| MD5 | 6081a561a0f14397ffb302e803897a0c |
| SHA1 | 07b37f613049ecf2d88144a1e5bb4e67c535b5e1 |
| SHA256 | 30c020bdfe0aed7e5282dcc3b6a14e47beaab42c00fe3ff27d280733e5a99d95 |
| SHA512 | 5a92599c55f13b73ea2ca82e81ed360854032bde80e766d7d715307ab7856bc2817aede4b7c31243f534493fffb6d0f1601c8a56018154f6085e15e7008b380f |
memory/1400-368-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/808-370-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1400-369-0x00000000001B0000-0x00000000001CF000-memory.dmp
memory/2780-379-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RKMEcQUc.bat
| MD5 | ceb08994e80ad303798fbbf5a0617d5d |
| SHA1 | 1ee7956af66caa38e75f1d58714fc819c31b284f |
| SHA256 | a24a8f4bb16a10405102f7e105f4ce888d8eec81d4172452c415ab2332a63c90 |
| SHA512 | a1494e92ae8a29b26cea5221c1e662855da8d3b662643294759dfa2c5308b1dca6bea843beb0440e9719bb87de051cc4eab114fd8d215bda4209e0ce91e0c800 |
memory/580-393-0x0000000000400000-0x000000000041F000-memory.dmp
memory/820-392-0x0000000002230000-0x000000000224F000-memory.dmp
memory/808-402-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JKUcUMYQ.bat
| MD5 | 8d4ebfc11a9db9389851711b387cee5f |
| SHA1 | 77ffc40f9f04f121fcdc21414e6aaf01d3b144c4 |
| SHA256 | dac65278bd36c4ca8a1e0d1fff1a83dea4a53e7c464797d270038adc76c0f4e9 |
| SHA512 | 15e982eeb5cab22d3452d51d69e5a0cb4b33756b30617971ba50f07eb9487d9738578192fc1ac12b8ba405657d480051fcdf2085e0d125d7c6f90df7471f79a0 |
memory/1692-415-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/580-424-0x0000000000400000-0x000000000041F000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\wswc.exe
| MD5 | ba11c1e32cfcfed336d39f562b9cc3f7 |
| SHA1 | 75e478f64d14118fed51e2ca5a7348c45eeb64a8 |
| SHA256 | e8504bb9b4584ef0871c12b23d0465230c811dddc9578a891094cb784a1ffb76 |
| SHA512 | 418f15ff08f6beb10f16563a6e5600602d6fe7febc193d130ca240e031278a94d935d207c867f6ac1568269ed1a33ea3009b709b57e7a21c14af599516e61e0f |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
C:\Users\Admin\AppData\Local\Temp\DmIwoUgQ.bat
| MD5 | f88ab313a5d6f8e64615010e5cb69071 |
| SHA1 | 6806339b1812b0d948a9805acafff3d0e989a0ac |
| SHA256 | 864b0ea4c395ba222185a1e7cc5268d51ff611f6b7cc3bdfd7e71b9f291ec8ec |
| SHA512 | 05c8c46e729f68213e45747008324a43f6656611dcf48f9e6017e395d44729d8e640c1d4e3acdfee38af61d991cb8e630328551f1eccdf6d64a1deeffc07e5ba |
memory/2140-454-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1560-463-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YcEa.exe
| MD5 | 68e529d1acb2b43264476eb5966696db |
| SHA1 | 78d5c1d439b281f4529c616232e267f2c1fb2335 |
| SHA256 | 2ddd1d59740f42a0ca9c683d6014aa47080248769156a788be92d7f22f7dd4b6 |
| SHA512 | 768cdd91b9255863ff180a677dd18f7749af03f3ec1fcfacc5dfa78a0de1d56288017ce46306fb27645d2cf8cc7a6c6429bf851d954ab6b60c60415da863c2e3 |
C:\Users\Admin\AppData\Local\Temp\skos.exe
| MD5 | 959accd86c966891bc24db510681fcff |
| SHA1 | 9a2eab10e851f30cf7fbba7c6532ec69ee02c875 |
| SHA256 | 471769e942fdcd591a45ad9a8361f6688568b2c289234a26e232ede55ddbc9b7 |
| SHA512 | 01a575e1a046e6ac5ac37a9abbf28e1fa3ac53f77b1a66684eb2654e465c31b0ca149f70c2f0e581e052e236c65d366dc8004f5a71fcab452d349d1d5edada2a |
C:\Users\Admin\AppData\Local\Temp\Ukcc.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 1745e5386da4ac4a2522815b79f81e70 |
| SHA1 | 7012d24fc696704ce25440e21db90a13ca2dfc5a |
| SHA256 | 9edf0e7cd9103c5a6b4752c8efc8648f969714e1879977af7d48fcb713cc3174 |
| SHA512 | c0f2d25ccda58cd70e3a4ed70f327aeb5325c79ece8a819e25629d3c1be7f54b948b6a874d765fafa646bf02ff4fabc80822a4bfa2634933bbc9227f0e01c36a |
C:\Users\Admin\AppData\Local\Temp\rckcAskQ.bat
| MD5 | a118ed700c4550f721b583698ffa94e6 |
| SHA1 | 94a1e8dae863df67577eafde9170b89b27e6c0e0 |
| SHA256 | 1d506e05c48266dcf59a61c248ee11e1de7ca002e7f0b0a5f68f4ca88f9511b4 |
| SHA512 | 7fb8f57d7aeb2a85e19a9be0afab60cfab45cde4137b6069b702782bbbe509a32c9e755458d76705ec07fd89e5c6355913878e2d7193a0cd8fad68bc33b2c445 |
memory/1180-526-0x0000000000120000-0x000000000013F000-memory.dmp
memory/1180-525-0x0000000000120000-0x000000000013F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aEkO.exe
| MD5 | cbd21f1de876e560d0d0ee60604ed4ff |
| SHA1 | fb0cf30fc200f3fa7f3cec9fbb471ce3d0b19327 |
| SHA256 | 4e628d9dbf763cd9db12faabf56ddb5d1add58f00fb601b99d09ed4ff21284f8 |
| SHA512 | 98efcb8000080fbbe40f609116c15eb31b7516d09e632db5db89e185e22e1a508bcd0a9d303afe24f5bc7ae7e9c153900f4aea07d11c011c2ee809e92673700c |
C:\Users\Admin\AppData\Local\Temp\Oogu.exe
| MD5 | 05ad6579d3907b1749f78dd20bd47fe3 |
| SHA1 | 44f51bd72deba55a79db4954ade5dde166582204 |
| SHA256 | df4812c867174786eb41532c7c6d385a12e1e5b5c5bed400ceed688ca5afbeff |
| SHA512 | 1790547b860e9b9c99dad609780f0b1d5d5252ff64d72fd32124a8879758474fbc89f21b620cd63c930381face9e3a39ac03cd3a35baa5685562517b9f367ecb |
memory/2848-548-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WckI.exe
| MD5 | 6b943b388fabfa2b29b1f1560c557878 |
| SHA1 | 58fa1edd047cf60af59ac8b4b23c5e05a0ada3c0 |
| SHA256 | 379696e5a9bea5bad3cfc8c8bf484b8e21425d37e7ffbd549cca8589e7abb113 |
| SHA512 | 81066f76c80e38812c8685a8b9766d61993910e0a8b35eb5a21793351303d8abc299cc81370ba66e931b9951f089a5b2529066a6e389127eaf4a8327a50669e4 |
C:\Users\Admin\AppData\Local\Temp\AYMK.exe
| MD5 | 07eb10eece6d1e520d53d8b5808a8b44 |
| SHA1 | a9b70ce985a01b90996967752c237ec5f5b0634c |
| SHA256 | 12c24d987956f0f89319311545913fcbffef61b657f78ec10253bcc84fffcc9d |
| SHA512 | 3112a86605fadec1e7d4fcc21076a88bb447187f010331d8d3e892ee4b0965fe609fadae4d916cc33a169d00a9d9170d04b2175e30aea7a98f1de4c072d8c624 |
C:\Users\Admin\AppData\Local\Temp\OYEO.exe
| MD5 | 9475f55b1d0915d0fc7a5ffc3f8803f8 |
| SHA1 | bfdb5a129d31544c9aada6d7bcb9c1d486ac791f |
| SHA256 | 3a4e6c2a3370c36beb608029d087121ccb651670e4e098b541ab4a9befdf8e8c |
| SHA512 | f9d236745e71108835a7ffe891fcb3ae4455366ec4afc1db98f19d7ef6e2ad12bd619f0e78f90cd3f488096d9dec5d9754d9657ab7d4240d1b651d26db75844a |
C:\Users\Admin\AppData\Local\Temp\TwEoIwQU.bat
| MD5 | be2e340e56546aa706d36a1a186ef65c |
| SHA1 | 0e356a3a5f33800d3c6b122cc6967d0c4f92d1b3 |
| SHA256 | 471226e8d5533558df7645d87f2b1947c619df417efb4b86aef7edab89c05469 |
| SHA512 | 1ff8ee284d8e0df27f27a61c750f69a6bc192e90a0ec72ee1c3815ee505870cc71a322e8b39e7f165f2de1b2e1f1047f0812ed3f7a5c94d5630a18f3e8680ebe |
memory/3060-599-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1600-598-0x0000000000120000-0x000000000013F000-memory.dmp
memory/1600-597-0x0000000000120000-0x000000000013F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\McMw.exe
| MD5 | dee76f3ef9ab5a5a15bf0229235fd506 |
| SHA1 | 2da1a72398b9b983f234d65bb7090af2cb3826cc |
| SHA256 | 31cf6b6c893802d34d098242c9411b4c7c5cc0d93d84fc7de3c3e576e152ef8c |
| SHA512 | 8ec7fe1e79fa6964bfbb023948473d34fa453a8e7196326c4f89d01b63d20b0645537b24800a0550d3c4b883434eb99ec7d943e049bf2e9e5bb37e56039ce631 |
memory/1780-621-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qQgO.exe
| MD5 | 687433ba2336f8f3e56b868098a24f9f |
| SHA1 | 610eac629f572f1f30f6e2ee3441e5fc0b25244e |
| SHA256 | 78035319a88a5969d9df79e1080cd81e84ae2966d1c64028a58f0180d1385148 |
| SHA512 | 2887fa40bc39491ee5eeb2b601f6f0bbc3124bdeb8fffac1dc6ae097997bc59434d0999cfd79b80504c4fb8a2ef43c39d85d1da14c9fd6cda01e8f981bca2f10 |
C:\Users\Admin\AppData\Local\Temp\eoEW.exe
| MD5 | 38bec434450e512cfdf5593363250a1b |
| SHA1 | 87868696fb6051960cb42ff59bf926cf637ecc2a |
| SHA256 | 07f1bf82dbdec8e7cffa39b7d393bc4d91392a534888e617673c996023492459 |
| SHA512 | ab9677020e4609395e0d7c17624d76376d80014883fce00a3a6be11905719f27046b3b1909b84be73a2cd6d274d113646bc9ac625fb12d315213d3a61e170946 |
C:\Users\Admin\AppData\Local\Temp\OmQIwYcw.bat
| MD5 | f330ef4c576a20cfd30d355180a1d1b8 |
| SHA1 | fb4e47d357d2349d1b365240eb702f99e74ba776 |
| SHA256 | e158afcd0e6d2bf06590a21c16ef758ddac22c97847d64bf44f3bb8d463d4bb5 |
| SHA512 | 78ba78e1dee10687f7fd6a8b66e6787860bd602e7013ac88ab54ca075cd57026d113219ddd5095465c48f9e1e315cc882a4b2550dfaedd13c6cf242a46826b8d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | e5d7874f169e0645534f67c9934f9958 |
| SHA1 | fd28e92c08231d9c9c051adffdd8ac53073aa29b |
| SHA256 | b15d1d60a2519e14ea13691d3e31134aa42ad56505dde94fce166d421ce54352 |
| SHA512 | a3c31498ca1c158b1c08e519c8c5d1ca27b364ee1cb03834183e0f1054e677f1b6a41a750d1bc5619915264ceaa4b3f1882078809ae454535da2b5104b99cb00 |
memory/880-659-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2160-658-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2160-657-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3060-681-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YMYI.exe
| MD5 | 5caabce3c2b1ba797afa3cf4d2d2157e |
| SHA1 | ada5f79a12c0c022ed878e51be3eaed5dd1f1b98 |
| SHA256 | 30b05ed1536dc15b4c329cf65f6cee869def6f135a93f0fddafead0d396a37c9 |
| SHA512 | 81d8b45254d1a082cfa44cf9e184fe1e72e5f918b7dca0ccfc431ac7582e110caf17fbde368b4db1dd2b2ca79ea636b9ae2099f5de8b9c6b8b3ab0c7a3c14117 |
C:\Users\Admin\AppData\Local\Temp\ygwC.exe
| MD5 | db414c128e8f235a3ad8e4bbd55e6ff4 |
| SHA1 | 99af537937fd4e46cdc909ab2af68051cb72faaa |
| SHA256 | 297e8088b0893cfd462c9315ca4fff2963095648494a8c47391f7dc8ebb8ef26 |
| SHA512 | c934f93e66bd031e9f890c9d3c40586ce23fa49650dce4223cfe078648cf77fd8e050a28fe769aa130b81ae268511d36d4f7cdf18bde7d3f9140c5b0c283fe89 |
C:\Users\Admin\AppData\Local\Temp\CgsAMEAQ.bat
| MD5 | e7528a9379aa79d899a4c4decf63e551 |
| SHA1 | fcfc01daf314434c7c7fb995d721e86b4f1da51f |
| SHA256 | 7741b814cf8fcabd390145952f2c6568e8efd4362c94cc476351b80624ae9cb7 |
| SHA512 | 0fad4a14a278e04b1f4e5e84cdb74d80f983a47426947c95620a19eff4246ca181136526e4b9393edafab2bd32572bde1510c22585832226d76f12ad5e1d4572 |
memory/2560-719-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2584-718-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2584-717-0x0000000000400000-0x000000000041F000-memory.dmp
memory/880-741-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aYMM.exe
| MD5 | 64fbf14ffebf097fc277b83d800b6960 |
| SHA1 | dd0dd09869f6aace73558060460d93f31c32d655 |
| SHA256 | 65abad658c4fc443331f1e1620114fc6ec9d7396d9f57bd24c0a799d1d3a218e |
| SHA512 | 8b5d8792c6196b93a2015858fabec974401faced2755994378517e538ec835a0415a5170fcb37857e2c0e37a6348b5f29e83f091d3d20a71ebe983bc4631edd1 |
C:\Users\Admin\AppData\Local\Temp\QMoG.exe
| MD5 | e5588a843d16b75432a7e9ec11000447 |
| SHA1 | 18feb5b2e0ddfad60ccb015fa6797d8b736b55c2 |
| SHA256 | dae65024e8f78fb18c9cfe48cea9671a99e843c7591a79763d7531dfd3a06fea |
| SHA512 | 49f5e1df4ddd653317875f004cc865a4ef24c6801669c0212cebec33af3db9befbd12944ed458dd9376b8a13effa50867740a80efccda052c53129891ac9333c |
C:\Users\Admin\AppData\Local\Temp\UIAs.exe
| MD5 | 007a54ab5551401da4054aca3e9ede89 |
| SHA1 | d2bffbb06b77639ccd88c0ad6a456865a8b85cf8 |
| SHA256 | 75b6afb3588b7e512cb8bd4c3bd4acc15243a24ae62aec62c9caf4af70b9d3ca |
| SHA512 | 011a9c131f390973c4bad63ab2c0b9879260c4c7c105bad313674256c5fae14659672f0472502be612ab47c9c7900efa3a137fb8c6d2c6895b75c55b1a22a645 |
C:\Users\Admin\AppData\Local\Temp\gAsu.exe
| MD5 | f475d4159eeed60e5b57ada073f439b0 |
| SHA1 | 91c29b7933ca87fc1128257fa700be5fa6e7dc37 |
| SHA256 | 7dfc57a4e0a300ce55bd5c20302856f20bd7f9b48904a3f0757899e573a669fe |
| SHA512 | 16b3fcf2f5633a30ffe3dfb3f6cbf02edb887874c95fff2825e93afd109a6049181524178b65867072a32743661a611464dd288a1f8793b744aab803e92bc744 |
C:\Users\Admin\AppData\Local\Temp\oUsw.exe
| MD5 | b1a6bdd4bbf96a8f67ce198c169f7b66 |
| SHA1 | 616b39c5d7b6efa2397e7e8ac4e828449d55a35d |
| SHA256 | 25b88a955efc626cd9083c4530b46bc20f374e5399ecb857467acbc188474e82 |
| SHA512 | 028e545b491c84925f38212145812989acb8913ec301c5bdce7139bc01375f32602dd7fdcd8a4e4a763ae47b6f172d8cfe752f3552707ecc84022a72db993737 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | 8cca21ef879397dd67cd8e76b2433061 |
| SHA1 | 44572532bb6738e6cf3e8872ce9dd7712c94f7e7 |
| SHA256 | e6a603e57a633436fb99f1cd69a799c3b0febcb0e1755c92412380be103e1b54 |
| SHA512 | 31c7cd8a2b66090c04a9fc2ce7bedf25ab98377c9cfa176e909f81bc3d40420e081935365f1b8b2f744371eacf57a221d3f747df19017998a64638badcb7ad79 |
C:\Users\Admin\AppData\Local\Temp\yUYEgoQA.bat
| MD5 | b2cbe7bda22003f020cf99ee6fb082f1 |
| SHA1 | 1915430d44da1fa7af08e1ba14bc352919118a5e |
| SHA256 | c3a08f210e6e67259206c01df600285f62664cd849c42cb8cdbefa04a32cf5e3 |
| SHA512 | f55a3773d998695e08b3b6326026acd632543deb6deb96ff558bf91ceb56ddcf4fb9ad7fff17136dd8602a4d35ca75dba04b5220c9dfa4f74a9b723ddc246343 |
memory/1992-818-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2164-817-0x0000000000120000-0x000000000013F000-memory.dmp
memory/2164-816-0x0000000000120000-0x000000000013F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CwES.exe
| MD5 | a478b3da5f867f1ece762670c0898e64 |
| SHA1 | a035c421a3bbd6d705af213515fe8072adf10da4 |
| SHA256 | e542b1dc457999309a721e4736a0724a6736e426bd0207b3a43c5cf9cfb0c3b7 |
| SHA512 | 60198ec2cf91384d70365973135127d8360ca59cbdb12bd0bf7c91b1e37114d114b73a8f45a81961c60e360a22b6f360caf57f87ec4a986dccec4cefa07043bc |
memory/2560-840-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WAQi.exe
| MD5 | 7a0a29c8c8bef4e2b6b020335dbe84c1 |
| SHA1 | e7de95566bcca2f682bb3d784d088a57a835d9a2 |
| SHA256 | caf7ce684b4dbfa6747054058e32b9ad44c5027f0b3ff370e66ac1152d4708ac |
| SHA512 | 93d77002d7549c1270e68f4ac56477b91e654f2f7dd90351236a46af8452146b18176fee2bdd10eb7ade94faf7623d34aa2b89467f7204181958825926ce242e |
C:\Users\Admin\AppData\Local\Temp\oEAK.exe
| MD5 | 27caac8b808da9c8fa0ef0d6137ba3d5 |
| SHA1 | 988d128d7b2f23aff9c3b96adad9bbac5a9ca364 |
| SHA256 | 7c7263c31b6678959a9dffbef03bbc4398226139395a58f70880c81b3fa18e80 |
| SHA512 | 8be20fde5986066a835eed639d3798ed1b62f343998088139b7d375c6685273e76e674860c2afd26078c6ab53f0b03df991d106b218eb6b7a0ea8db8bae8edaa |
C:\Users\Admin\AppData\Local\Temp\ykUs.exe
| MD5 | 36e7b20219a4d920696adaef297c9500 |
| SHA1 | 25882742edb3cb8a338fa2579bfcd4b2d9bfd23d |
| SHA256 | ff382a79311029a1462126fd7f862939930e8785ec6de48474166ca710bf0613 |
| SHA512 | bdda2a147cee8c0744619d9e8bfe04e197785d16a9d7b7915731522a5ae607b9e51fc3461b020affddc00b3cdbc2e21f70b444c928ed4cc0ee7103e0d1921df0 |
C:\Users\Admin\AppData\Local\Temp\QUkE.exe
| MD5 | c12e45eae4d83596efcdeb9b956cff8f |
| SHA1 | 668a8c2fe79cd7e458f01325573d5b73c1f18ec6 |
| SHA256 | 3a1f1aeb8e6f62c6d5af92f35e3ccc0f0eee9bf1ebef3be2517cb98c695339a4 |
| SHA512 | a869e2ae8d68dd49831197e3dade80bf50a2c07627963637becc08b620f6c6df8bbb3958700d66f8a44bb4cacd0f301159c0364267592fc9b27dc62eb1ef3998 |
C:\Users\Admin\AppData\Local\Temp\woEq.exe
| MD5 | 65e739759661b4a387289e6aa469fa71 |
| SHA1 | d8b9b32a30bdc6e9bedf29a43b39ce857e27cde4 |
| SHA256 | 25392dec8dfc8286c3a576b0de66e5cf104a85bd2ec602378d4cd6abaf77025e |
| SHA512 | 1e122f55a2f1897fe87efa8e1a7ce61fe33d51adaa327ba15cb08f82c131ef420f3d69b13abc3c0b4d37e4039bcb2fcdf51425ced35a7a9640ff2c6f70b1b60f |
C:\Users\Admin\AppData\Local\Temp\msYAAYsM.bat
| MD5 | d0a78b2fd2585cab0d36cd8b2e6d7d9e |
| SHA1 | 23b1063c4fc41820d8f274447123e7e8a2148153 |
| SHA256 | c95e55eb71560eea93461276adbfee228dcffff5f2cf83dc6c7940b03cc4f895 |
| SHA512 | 101b006d9ae0883a944b80de73f84d2d9e9d07104f13aa81583e159de7767f91f55d483687df41039061c237b601d1b80ad8b201e355e9989dedc5ea0429b24a |
C:\Users\Admin\AppData\Local\Temp\QIQA.exe
| MD5 | 8dc02de84af3d6298e69b9caa3c401d1 |
| SHA1 | f5dcd74bb0ab9b9603e99abe98b59f7987c66428 |
| SHA256 | c26da15982cefdaf3442bc6c612fedcfc765bc05ff5386ed42c4161d34189d50 |
| SHA512 | d59e9f443f15adf0356064f06c7461756fef48d0ca838b0452ae02351dcf35fc7b2a005cd3a8aaf9acc7565f72c32bfd8af80bfce9759dd0443f45aeb5b1e3d7 |
memory/1412-928-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1816-929-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WUMo.exe
| MD5 | ea835d3fe781176007c44016a47dd1f0 |
| SHA1 | afd4edc4971aec2f60c7df5e77b79e933a194ff1 |
| SHA256 | d8f2df27796c5f15e12447f04fde867d96ec8f5d6d8291753be75c32e1946bfa |
| SHA512 | 60881e28f4f067b162ab147e6a7503d2d5e6d92a338d1669e04aced1ff47f0400eb3c49c6e5bc485171e7b73cd7a94c00137732c4f8e577c24416ff06dec63a9 |
memory/1992-951-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sgIM.exe
| MD5 | ec61ba1cdf0529de93aaaf1942555c89 |
| SHA1 | 3e6d9a234a89f51a7ef31f730ae06290d57ed998 |
| SHA256 | bcfcfb1795bba816217d5698a2b62c3b14c6ce7f0b5184f2ad9a2e7e9edf9daa |
| SHA512 | 6dedb01b0be8d3cacc29b94d1df60e53fc80bea6373ee0a6e420e3682584b63de52f73bb544546079553c31be976b80644c5897b7340d61b4312d94ecbd81c31 |
C:\Users\Admin\AppData\Local\Temp\YEos.exe
| MD5 | 94bd401fbd59dc82ed35013c7e6ce338 |
| SHA1 | 861270c014cf3f0b4841a4819c9bbb93d942dcf5 |
| SHA256 | 9097e1814cd00069afe38a57eae03ee207ae6e0658820b38c263c4eb51dd2808 |
| SHA512 | 894cf0850a7ebb97e2accbefd161083488643d8dde89fcf95ad6ef690929091345038a60f4f746eac6b7127a825d870da16c3a14fd309527c9f1d93f93f227ea |
C:\Users\Admin\AppData\Local\Temp\qkkc.exe
| MD5 | b4c027b7a7acf001ae2681ae9742403d |
| SHA1 | a6a6be2b394fe4e68a417523a2d358e975ea8e88 |
| SHA256 | a76bf348c668bf6335839e1302e4c4a200cda55c98d4e3b62b8eee820afae31f |
| SHA512 | 372a7210902b5909d57aefc6dd5af6c1b0f2b11d62482dadf38bb90011bd0b6cfcbfd8f9e03c4714ead576e29b83abdef020811e32bdc59d34e1e1d4bd33387a |
C:\Users\Admin\AppData\Local\Temp\OiAMYIUY.bat
| MD5 | 3855fa443199d46b4fd5485dcdda915d |
| SHA1 | 9361840a6a628787acb741e511a82145b9ce00da |
| SHA256 | d3a0202d7d1c4522962621e1226395db20600c3b56f04f0a5dff22b236a430c6 |
| SHA512 | d29e1001fcb554110be34357179bb612dc3bab7ca4bfb5f8830210059a231412d8fbfb3fc8477096b14e3f2c952f8a3438eabcf8753bad5c8ca6c59f8d6e75da |
C:\Users\Admin\AppData\Local\Temp\OgMs.exe
| MD5 | d4a01559f4acb049e188f8e0b25c7cec |
| SHA1 | cefba16b6835b665f3ae4987ea260b14188a36cf |
| SHA256 | 7e2c55e046f3557b99d646e94a4768d9faa1f7aad684f998cbbcf8aa3e69a0a5 |
| SHA512 | 8bc46c71b23b954058ee5fb695e48b0687c4f432e7048265ea1b7dcd130f5970a0e1756f1c6b4baaba8be790e616e3b128e847a3ac77a1d894f5325ff276d0ca |
C:\Users\Admin\AppData\Local\Temp\oEoo.exe
| MD5 | 3a2ce2c3d845ff79c427794bc6e52306 |
| SHA1 | 3b66fd93fa10d4c9d1940af86aa5658bbe2e8478 |
| SHA256 | 494c1f4841551c8884dcc7d3a3ee8453b083691188b422ef010cc269a4d8be17 |
| SHA512 | ac6d7c390f538129573bd168a600a8506180437d4bd619528aad9957edb6d411c7635508b3604d5108aa13904727c2322a00e8c25f81887c0b007c5bce6ae5dd |
memory/1696-1026-0x0000000000580000-0x000000000059F000-memory.dmp
memory/1696-1027-0x0000000000580000-0x000000000059F000-memory.dmp
memory/2576-1028-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qkYa.exe
| MD5 | 945434ba6fab32123afbf2084b6a493f |
| SHA1 | 596b657cc00c4bfb7dcf5ee93e34cc10ce856ac3 |
| SHA256 | 898ddd8f500bff2d388a390fa959b908e5bd3160153946ecdecfce7fff3a5a3b |
| SHA512 | f3dc646eec7413309ffbe7ed4d5e8c2a81eded5496484a58f0556b5c1b9137250476308eae55e82c65cc64d1ee41ff95571704f3ef3541542695722f67be3a52 |
memory/1816-1046-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qMAc.exe
| MD5 | 165ca5c90f94d700010eac8dcaab982d |
| SHA1 | 77c840210e7080042db47fcb0da011d86f338762 |
| SHA256 | a49b01e27bc069929fab0a4f17c18e04350ee3d8c70e4434a3dbf3520a75ee4e |
| SHA512 | 6f77c77770501df52d29c3c43cfe8b6497b056d6359a40d6e7d77b2ae31240173049cd0713ad0688efa1df6cf5636a151988a7de7334eb8479990d8217f11c8e |
C:\Users\Admin\AppData\Local\Temp\GUMm.exe
| MD5 | 823c951f5c82d1fe4042305411fc7423 |
| SHA1 | c2f486e144ec54b53691d082653c7aa2010df3e2 |
| SHA256 | 2ae37385d868fff3b5722e96a18dd2a31476a67f2fa7d9f5268b740de7c1820f |
| SHA512 | fe725fb10a9a1adf2ef89de39a26511305d7999d54c0361d39e09e5432a5b7196444d5b3972680ea41ccc057232e93eadb9f54baf60eefb4660a3ad95f1338bd |
C:\Users\Admin\AppData\Local\Temp\FekckUYU.bat
| MD5 | ca892ccdb8bc298dfd1f45fdde41ae9e |
| SHA1 | 400a6e3e1602c04fec66dc178878815eb256f799 |
| SHA256 | 159296d7aefbf4281cec95ff7bada934758fe220fab5905a1a1cae7a63144573 |
| SHA512 | 2839830a11e90a3ca0a67bc51a0f63521b47ac333580389b7581d24fdab61221dd322de3020742575ae68ede98964b70015cf2a03537e55bc8bb78e4199d1ddd |
memory/2740-1088-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1868-1087-0x0000000000180000-0x000000000019F000-memory.dmp
memory/1868-1086-0x0000000000180000-0x000000000019F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SIgO.exe
| MD5 | 1a787164f870e5e1b8c72d85f11aaab6 |
| SHA1 | d6bf2e969e75d03f83987237333fa08717a88ef6 |
| SHA256 | 70e4bf84628cbe07d67b343d465c3e83006fee82fdcc86d639839809439425ce |
| SHA512 | 498a57a58e7eef6e1c8760af0df28d6f483d403a13e2e6033606cdec0589efc75f6cc5b8e997c7c4acfa16eb3338d8f40f6c3512e6a1a256a53e809f81690a85 |
C:\Users\Admin\AppData\Local\Temp\OsMY.exe
| MD5 | ef43c15b5879dbbe411f4f3c70614b04 |
| SHA1 | bb075fef5efc6504752840dd72dbc594d0ff3595 |
| SHA256 | 907ff1ef3f9e8c5486f484c2042c0d5913fb551d934685491254b408bc677f77 |
| SHA512 | 02aaa567e3db17be6690aace24ffed06293bf5667d70db66379187e79bf263728aa8ed7886ae9968779dd1a856100266690f4dc77620982b1a74a55ac876e01a |
memory/2576-1110-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AMEQ.exe
| MD5 | a19ab04abe15671efca0fa21abea1124 |
| SHA1 | 8e7de528cd9218f0b1fd7f9a5fcc785922394554 |
| SHA256 | 74e6ed5381985825c208004306df869b820acc9f9b4be9aa90a495300bddfb62 |
| SHA512 | 99f7506b3136b2019cc9bcbab41b8f2d4cd100e9b45d21c3ea30641fba70d40cff9a45449d036caf928c3f79d304b805405120d2b867613682c3c8b8328bde47 |
C:\Users\Admin\AppData\Local\Temp\EUcU.exe
| MD5 | ebaabf93b2e9ee4725176986ecf6af58 |
| SHA1 | af2e61ee2678744a99dd950cf4b3e7c1d41b3bb4 |
| SHA256 | f2e6abe5e47f5076ab02ce705dfda1c15307e1a5087cd7623a491135c1db502b |
| SHA512 | 679c41e83da51b8ab2b929e3ed8e28069d9c5706334d647232c97c5c00a9187581ee9e986f990b2272fbbbbca5d8b08fa38635be0ec7fcf5b28b589aa6be2ff2 |
C:\Users\Admin\AppData\Local\Temp\aQgk.exe
| MD5 | 8fa45ea9894447df76253b4cfa8d55b2 |
| SHA1 | 167adc17bcec441784172b1a0078d4f41c4f1698 |
| SHA256 | 52d16147933be4019b5443bed0c6bc748b69266e6c33205e209a6f54bf6253c2 |
| SHA512 | e6551bc7ad8889ad1ec462a9f8857dec55c036cfc1913d6a4eee2c3f017fe9a8f5ff343e90cb704a8af0dc545755c1c87345075cae735def190b3241382fd848 |
C:\Users\Admin\AppData\Local\Temp\DQAYYcEw.bat
| MD5 | 61f91ce48477a1b83883ba8b66857dce |
| SHA1 | cf8625e560045a6f840e84b17f5cc90899036441 |
| SHA256 | 73c261c88d93e57cfe54b6d46190a089ce8aa97c00b1c1deab9375453501d532 |
| SHA512 | 719414f3d9462f417e509c75e08916d55ac6bc82893fc4f7ac9bef935f55065bc8c5762128d7d62a36dd17ac7f1aab93dabd95ebbdc99920e0ce70e944989838 |
memory/2712-1172-0x0000000000120000-0x000000000013F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IsQa.exe
| MD5 | a94904c9d3d545e1e036602dba702e8d |
| SHA1 | 3ddb0c71af014ee0140587524ff9f010b3422123 |
| SHA256 | 91e8fdaf08b16fc50388482ca1b60f72c7f88b2cb75cf3f75ba2487ecec1eee5 |
| SHA512 | 0be305aab9f7443a210930e115b280a15efb704dce41d2a8d8af8ad6e4fe49c1b363fc0cb65eabf02aa3c978d14c9b76e404a5996243343ed97809d7af24133a |
memory/2740-1194-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YsIs.exe
| MD5 | 88b48d966646fce826223b8c35a7c3bc |
| SHA1 | dee45b5bdf6c145f7200834abaf18fb702201d0b |
| SHA256 | d62e3fe64c40099bf85adbf3413af7983f9edd8e96136da8fd63bf0ac9c6495d |
| SHA512 | 9f48566a2d34a939e0c444c695f506c30d3279b8da67d25b93d1d4207f33a9e8f6ced18995de47aa724fc51e7501a293c34380d5febd61857fc73eea10398d3c |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | d781c09b531b2db75465ffc2b51c6b4e |
| SHA1 | d6fad9f5e422d61d499e85cdc070feebc176e9f2 |
| SHA256 | 72181f84470bf214632a52c0fb10e893693ba4b37e358aa54707356579ec36b5 |
| SHA512 | d89481f33fe6b49a42e757372e3f89d0a3272b1009d94edcd11bc6642226d9e17ef6b36f0526a62e1758b135aa58812796e52b9befe6d126d8687e51964b4218 |
C:\Users\Admin\AppData\Local\Temp\sIUW.exe
| MD5 | ceec004d31ffc3663728a3ae85ab578c |
| SHA1 | ba72fdb03edc3cd5696238ae4a0941a9ed031db0 |
| SHA256 | 2cd4dea4e2bd72301153cb60124d08eed3eae04e3e5307e6ab80eecd3f78343c |
| SHA512 | a0cda729b8a8b4b04a7b5c2f10f68f9f7b8f7ff4322e47b4e5ff1f59a8ec4f4c3d9a0f8429221f65e4dc07e32da36f80ddbe6739bf4a947afbf119a5a7aac7ca |
C:\Users\Admin\AppData\Local\Temp\qYIO.exe
| MD5 | ce62ac347f2ddea6df0363e9d7230c1a |
| SHA1 | b769ed578085a9958dbd8cfd1fa1f541d0db5c04 |
| SHA256 | a6af4f8e3c2684f3a59c615319f1bb918bdce76366e36c322a8072638195b69b |
| SHA512 | e7a651aade9cce641e0bfbc55ebfef52cb282d4ca694045c8addb91dec12339ed6c90163b5405d2df6e9466d5de822ea2d892f92dadfe55bfe6a3df9f1e7636a |
C:\Users\Admin\AppData\Local\Temp\qMYW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\BmUkkkcU.bat
| MD5 | 2751cf4354fa7a07983df03fb7671c2a |
| SHA1 | db64703f222167b6d8c63422fb52d95293a1f4b0 |
| SHA256 | d56e97f34f9c21478a66ede0b850385d8605c7cea8e9c27a1f31e4b122e7fd28 |
| SHA512 | 2d43e07d3b3f1b5e5abfceddd352a39e28ca381781eb6308757456dddcf84406b55d8101e2341eddf37c73b169d60e4c75d738ee810050b0bfa4f29eefa8cc31 |
C:\Users\Admin\AppData\Local\Temp\YoEq.exe
| MD5 | 41ace1453c4efc9c594d03172ecced58 |
| SHA1 | c93e2398c4a8275d6995e2e87a6c63f750034dcc |
| SHA256 | 6bd89ff0271f46460c12b537d5159c19eee46aa19a9c3b67b1899f3c4af4fa84 |
| SHA512 | 455d277db8c0c6d90463f6906eb5a2e96e9d1c848a41fc0e723b6bd1809efa93870e104b666b03a8494bc93c1cb299c63b01a73b1abad0cb3eb7760f91fa62d9 |
memory/3036-1272-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2596-1271-0x0000000000400000-0x000000000041F000-memory.dmp
memory/316-1270-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2596-1269-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EIkI.exe
| MD5 | f00d3981edefcf3c46fcaa57f167c7e1 |
| SHA1 | bbfad7f76914cdd09b2bf96a0baf5d3555862ac9 |
| SHA256 | 7a77364b7b8b5586a9db37fe1d0aec751f2d45cb0290b9b1c803f5261ebac837 |
| SHA512 | 4e1f6b789896b9a9433e7f7eeef551c2eabe9d9a4d71cd94cd05246079860b53e409327ea59947200fc86558d8c6078bfdb9bff75e4c20476ad277af8fa881d5 |
C:\Users\Admin\AppData\Local\Temp\eMwu.exe
| MD5 | 2a864ebc1fdf5e78c24d9cb264410415 |
| SHA1 | 62d06d9f306abfc45f64396ccea2226deebc93cb |
| SHA256 | 7ce1a1cdfc9f9538219afe55c361cd361585bf40a487107377d6431133c78910 |
| SHA512 | cd03f901ae490bd8dbb94731abbe294ec9e110ce774ba1a39e56fba7e527074f8b2bb541c853f2d5b0f317947c75d2051cca843f365a536fa60e7d63b60f3aa5 |
memory/2764-1307-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwkU.exe
| MD5 | c2d0755e2355dc72149b87388df58a6b |
| SHA1 | 96bca6133b76a3e1daf0bac0c215699b9e2516a6 |
| SHA256 | 4830e70d8b62cd1ee4aca314defedca799552925f70c84c8d3951abcfa0b0117 |
| SHA512 | 4fdde8c6469a3e2667238f454c263071ca7ef7e05572871c388318c96fe46c8e7f821cbb75b3cc64d034e2ac2b3831d70e11dd4bd3034f55602feec44beed1e7 |
C:\Users\Admin\AppData\Local\Temp\sgsk.exe
| MD5 | 8dc7c12e135e1f8542ba40a666a5ae2b |
| SHA1 | d768155a1bd7000a2bc112f8af699e703ac19b3b |
| SHA256 | 24b9883cb3723f27527cf5988549336350cf402ddb2cfeb779333245ead2b9ba |
| SHA512 | 552843eda78bd4c6acbe2c023f8bbf225228151205406ba5001d3e307f983ef902d854e4ff40fd6db7f68ef8291c194aad77176dc25b222207a8f3d07072d4f7 |
C:\Users\Admin\AppData\Local\Temp\ogYY.exe
| MD5 | 0dc82966c8b279c192f383efba7dba38 |
| SHA1 | 357829ee6e4ca113e5330aceb9f54e4da9e31ecb |
| SHA256 | fa45ef3f236d685aceaf4520015860c79c54f9bb217c55198fe7f8b11656bf44 |
| SHA512 | 765acfe9dca7d11ca5651426ab28717aa3f0540eb1bdacb767b79d3fc79babde670aab16125d1032eb1a97731635120fbde9355efba8f397b62a340c1e7b0263 |
C:\Users\Admin\AppData\Local\Temp\NCIIoQUM.bat
| MD5 | a14e4cf2b1aa375da693625eab003ea0 |
| SHA1 | bc6f6e585502727f1af360a2ddcd73dc2df5de16 |
| SHA256 | 053900a5f992f4f6a93673262a4a91654a88a1451197bdd8ce3e679e8109168c |
| SHA512 | 0c047ebf484239d51c4721f5b78852a73384b8c0a247e02e6598fd7af2c6c277562b722646966f1a9474d4e29aee76669188ce2eb6557bb90a985a5d30a108e4 |
C:\Users\Admin\Downloads\CopyAssert.mp3.exe
| MD5 | ea635c7facdb1d95b02ac6c148db6b2a |
| SHA1 | ad5bab46e134c23480cd9ee7f47c7e61992d8d7f |
| SHA256 | b50b925a03864546d4754814bf503a309b4d8e90eb3aa9ca4d7f03dc1f5fc44c |
| SHA512 | 1053c6a11b5e1d9da16b37aac70073d32856e820b8f7a8155c158bef4d6353dab650e91930f1bef00e5ab790a761c9d44a0a8904c3d0fd9c108eb56aa8f43611 |
memory/2552-1370-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2552-1369-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2932-1391-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EYUG.exe
| MD5 | 6fbf5d01e003930e3f200d564367e973 |
| SHA1 | 35332b779b63e5b2953df1b92d3415150aba4577 |
| SHA256 | 355bd0d30aea7b312d947c1eb5c7db61166afe9482dfb0ed08214571060ce606 |
| SHA512 | 6d9364589e0d3fb2b2ef966c4d35fb20b8dc947ba2b07a471f6e5e805aa7058b21e74853f7eec2a8781c77e7faadebe03023be9f86082520226cc826308e1259 |
C:\Users\Admin\AppData\Local\Temp\yQAW.exe
| MD5 | aa4b98298c68e196848bc0c83f6397ff |
| SHA1 | cc0caa6fbbc5fa03bc0512f2a4b7433de43792a1 |
| SHA256 | e85a5a550855bd19b09e727ba69c9b8156d8b57c2f9b128508f05910d214961d |
| SHA512 | 20c5b96f78f631be765120d8e4f159570f1b6962692175dacc50b4d963c1e33f27733f5a90a71cfc40a20d6d7eac241ce9035ce8468c178a2be8dc5295361a0d |
C:\Users\Admin\AppData\Local\Temp\cEEE.exe
| MD5 | a3d8f87af97def816ca8a6569239dd46 |
| SHA1 | ef17ab79c21a876e9ccf21e95d2bb0576939ea3f |
| SHA256 | 1cbb52e23d51d0a730fcf6467bf2d249e34ba86a60771537f448edb6954c1347 |
| SHA512 | 2727b26d1682146de505dbd81d0874de53a47578e8216762002698499f317d49a6dc7f21abdd49305d99f5f19533a92ec103f57936862e6dccacddd0e2d3c9a7 |
C:\Users\Admin\AppData\Local\Temp\uEku.exe
| MD5 | fe1606c000712601f4ba776eb5bdf117 |
| SHA1 | af9fb3d4a5350f8dc4d370ab86a4c9bc5c848e1b |
| SHA256 | 1f2d11e9d223161fd4ae9b7952afa3b2aa4d2b65b07f0c70287b5b21020a1de9 |
| SHA512 | ec8532cb9d42dcf0e66173399aa9f9ac5c98861454d23fae955aa9f2a5ccf18932977875c8dac8fd7a5930335f5bf57d8f25aa3c843da8048c4aeb9fce5bd5ac |
C:\Users\Admin\AppData\Local\Temp\gkcYwkck.bat
| MD5 | 01a2862ed843eda2a6bb56a96a3a8b0f |
| SHA1 | 5ae2a2933fe6fe14696af23fcf81aa8b3ae67cf6 |
| SHA256 | dd5d089073b60df99c6a13481e79596bc3161e76491206682d5fd26713e66a27 |
| SHA512 | 13e5fb385df1978dc2bb3271c439eafb1af5dc3e917df0780243b4e6fa7a23f0382c3bdb1495ed26f45410a953acd61c4b2dfbd86565698938ecb37e637f1e1f |
C:\Users\Admin\AppData\Local\Temp\IUYI.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\ewEK.exe
| MD5 | a6a15fd388ab7fd58d0716448b5b7696 |
| SHA1 | c53a62b4e8848b1ebc59e4757dfd5c9884c3f92b |
| SHA256 | a4c8d2e0be03004f6099d121f5d3961c2da4bc452c0c5a50ab20901efc164e36 |
| SHA512 | f6483b671f8b7adc4ec90a6152109438312206019abcbc263dc9d51d7d0135927d63fcbbd318c2c999f632538810df4828895f3ba0fc4b9d1db57fa243b76de3 |
memory/2648-1467-0x00000000001A0000-0x00000000001BF000-memory.dmp
memory/2648-1466-0x00000000001A0000-0x00000000001BF000-memory.dmp
memory/1480-1489-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UEgk.exe
| MD5 | 84f3307ba1245f8d2120979381645dfa |
| SHA1 | 4496abb32fe8fd6a4d3bf98712cff0e7e0b635e6 |
| SHA256 | 47f8466301462ab50aa51be2bfaf73daf6929729bbd24313efbe8dacb05a873d |
| SHA512 | 35c8fe9b989e43faf240002871882adfe1e09a7191efdb393e2b3a0511a1b1b263e3a5707526ab18dde09b9afe40d2c73519e810983b1222428a48b0e50ac72e |
C:\Users\Admin\AppData\Local\Temp\Wgkg.exe
| MD5 | 08ef07a1835f52e621c87905ca443de8 |
| SHA1 | 12e13f9408cb86561a7c282e94ef94076d06eefe |
| SHA256 | 9197f6c508d6438dc79336950d708834a390b01ef0a7a05c68ccc2e677109105 |
| SHA512 | fb76b90d98022009f3d2b4384df6b180a8299b41bc39cc892f5134689e1ffba9c782931fae097e14202382d7271eb1b856896c1c0241077d54a8f6febd2bfe0c |
C:\Users\Admin\AppData\Local\Temp\iyAcoMkU.bat
| MD5 | 123bb60b4f9d55835395c22217e6400e |
| SHA1 | 5202c4c50a967edb97552c1d1d63a2b61e1a18b5 |
| SHA256 | c73c8f466792aa8341a7af1841bb2d1d50a9ad5af7c824b1eb9dea7a2fd9e47d |
| SHA512 | c98255392296f626c782ce4e905a3612464511d0d4d3aaf6e474c4b203938ce47d3aee8b6068d1f3ee56d02727885179e819c8fe603784cdef70825aaa10d875 |
C:\Users\Admin\AppData\Local\Temp\sAgO.exe
| MD5 | a9f6e0b535790b6994e98ba5a020dc46 |
| SHA1 | 0563b4693601d9baecb875ea1a66b969b8bbab02 |
| SHA256 | eae27b9c5ab526d02979877dc3d998abc827fb7c9a3870a3546821cced293248 |
| SHA512 | 81b6d4cf58ddc92e5ef14726bd72295bf0381d17dca2ff7ce32f5e5ccf5ba3ce94876a44581bbf7a50caf2b5c6e64ce653151c45c96ce2cb308e138342a41b7b |
C:\Users\Admin\AppData\Local\Temp\OAEg.exe
| MD5 | f6fb2d9f20609de2f907b2f19d39211e |
| SHA1 | b705ac0020635082325725e7bbdae43275fd4299 |
| SHA256 | 67848f7739bf7dc893f997ec30c8c1d82825447e8a361b24e155314a50d9a4af |
| SHA512 | 94c0dcede80617002ac8ae1343ac1cea83015e9593f8a890a97123e53b378cc7fe73337ad4283be152470f5fce5f684f69e2921db8542400ac4fbbd4a28bd6c2 |
C:\Users\Admin\AppData\Local\Temp\oEYQ.exe
| MD5 | c27181fc9b4af7c945a39b0d59b36df6 |
| SHA1 | 1966433bd319ad1991c8eec6a9f408e304b42ab0 |
| SHA256 | 12ad20792f03d56575cf75ee98e7ebcd5238508836f2f79ed5f22a9f3028c81d |
| SHA512 | b48edab397879dd47e681d0578e8187b9bd95c29616d68b61f0c3a84641201665737d6c662bb593a48ca7c703e5023d72b40cb3e7bcd578020f8ad9226094a96 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | bb3be1751bf4ba8914f7e7b20b651a8d |
| SHA1 | ca3ce51367cf156081c2c55ff899ff0424a414ea |
| SHA256 | f172570d2bc373af6138e198880672c6533c0a66eb4e63c6ed9bdba89a50c75d |
| SHA512 | 0141895710bc4fdf787cb1d3c2b0d6776293143ea214b7b40994ea91cccf61af67ec58c25a8f55fa365d96969a8dc5a5ae6e5b03b38c76ecbf8cf3933ed08e94 |
C:\Users\Admin\AppData\Local\Temp\QaoMcQIE.bat
| MD5 | 09c7ff4207def7acfba8d4d461bd739c |
| SHA1 | 44c0dc9e70d51c77b259c0a566b4154ba51b8f2d |
| SHA256 | 982b57c5be85004d83ca39d3041f4eab7e09e2e6509e849cd664c55cc5f53c08 |
| SHA512 | 9d604acc510a95d62baaf49d8f95dc2d833af3444440481d843fbf03155a5da26f3a7be811349ca8fb3cec8c0e2aeeaaf17f8cbdb9c66dcdd9212c0e0b19c9d3 |
C:\Users\Admin\AppData\Local\Temp\iAYK.exe
| MD5 | f1d7546ef20a3bf5f7fea192cda6cc1b |
| SHA1 | 81af1e9b1fe60404de75913dbbc0d402610b366e |
| SHA256 | 6ee2ef6d06094a478e636cef4a831bcb20fd4f4e11490fd59c2c346a006d5101 |
| SHA512 | b2d59d915ef144175777138a1958cd2019f46c59931b6a845aee2270274277719461487b9df0dd3e6a714b58164c0003512c6c45346a1fabc9bc3ff00e97a7fb |
C:\Users\Admin\AppData\Local\Temp\AwcW.exe
| MD5 | 3ccc3bb29b3da9340f316baaec17a4cb |
| SHA1 | 261fabaa6d7e9fe0ca1ddd3d792d5d034c7c88f7 |
| SHA256 | a0aed59b1f4ffdb2ab68838f152c810ec4a00c6d187f153d2a86ce9f25dcbc9f |
| SHA512 | bf219207fca55a21c933976b8f4d31dec706499911b0a6da2a3e5f4aeac9cb88ad1199e912463b911153cc864cf2f10aca3d8f3109721aee8790d40e3604e33b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | 62ff4d75e5e67f91f8786e33e6a6f20a |
| SHA1 | 1e58c3ace1639c5833a84673e52c728ebb28df28 |
| SHA256 | 434df8315a5595b7c29d4aceed9e0c7291ea02d93883d4629130268849c2c118 |
| SHA512 | 88284589690eacb4388d62b0b591b95ae558dbe91cd6a8ac76e82e5b539e102ad92050db5926985c3672534ec55fb109555c4b17055d52b48c6f8121cef8b718 |
C:\Users\Admin\AppData\Local\Temp\OgMY.exe
| MD5 | 3592cbfe811c035cfdfd9b6aa260b8c7 |
| SHA1 | fc543ff6c37561afc9604c134458960821b27225 |
| SHA256 | 98c96509322ed4ef770a464da8c3c745d930d3e27425e04180e6b4e2356b27f0 |
| SHA512 | 237ffd6500e04fbcfade4669e9789ae0f6c8355254b0532a36ec8a309aa2056c95348dec8d685171638eed93930ce0103541410cd0da9ef01b5abbdda1e87f1e |
C:\Users\Admin\AppData\Local\Temp\EIkgIogQ.bat
| MD5 | 2d1a7a2bfc54b5697f94db8111f0a6ee |
| SHA1 | 5830ce543b7bde27f4385a65c62fb2887cbb129b |
| SHA256 | cad631cbc1d06fa08c706dfda49db19689ebc5e55f0ededf5fb6144ba227e67a |
| SHA512 | 60965f0a4a50f002d686093a8a005e2dcfb071ae69038558337d248bf5ad6902a1cb766076dd61a500aa02bf11efc781a4f60857aca1f59491e26473aa001020 |
C:\Users\Admin\AppData\Local\Temp\sQkI.exe
| MD5 | 4fb6f03a86b6078870d9f46cc0942944 |
| SHA1 | c0984d394b782331ae2d6875953598d7075865ba |
| SHA256 | e085609dee5ca9ee52a38544fc25c6e58506dabd89149c1a34e74b291250cd9a |
| SHA512 | f151a2632c34e105bcc01875631de6bf7fbd056c689eb4252f9e04791f107445f5cc3c4a2e38a410a478e5f3f29ff5e8ab51b7a34bef4c9bcd4e5616291c5dbe |
C:\Users\Admin\AppData\Local\Temp\EUsY.exe
| MD5 | ba1f372d8bff12fbad76422c6684d3d7 |
| SHA1 | d0a5e9887ee23b074f0a5211226b4f4976812f40 |
| SHA256 | 114e6740210fe23f5af6066a907fea57f245a9933a173951623f5e9cb45e3dfa |
| SHA512 | 24a7c9b20e4c5797e651e4df1082cb69dc8e6c878b8be6995eeed0be5ca5fb0bec8a174ebb2c4412f2c82ca2e1954ea7ab5aed2850065c1868d25e5090fedabc |
C:\Users\Admin\AppData\Local\Temp\ZQowMIMA.bat
| MD5 | 72394534f76539bba6738f4adab23f03 |
| SHA1 | ebe0f21f9de39e9c244fe7618782e50035034c94 |
| SHA256 | 7365843efa5292eb01e51ec3bb20a68de0b3eda14de90936c3903bd62c4416a5 |
| SHA512 | e53dd2cc5294abe2b534a94ca02695c94758342242d0a9696cd6940abe10181e971e4b9b095a63a8a3856df730d117bb260fe09815ad0fcbd83ca34cd09d0a7d |
C:\Users\Admin\AppData\Local\Temp\ygMC.exe
| MD5 | 556aff53e646a6f122802fc183ba55fb |
| SHA1 | bbb967da96f36f3754ea3ef133a361e55374d4fe |
| SHA256 | 906cc5a98448a2a69bb66f45fa6bb7635f09764f21bdefc04077f211e37d0ef0 |
| SHA512 | e1d7273bc87a65a7f05d38e60f44d95c9ec809e362ba04fe8226b3127ac0f24c113bfd067aa59b07185f7e7003c12d503d8ecbd06e228d3effe8fe3ea1102450 |
C:\Users\Admin\AppData\Local\Temp\ogQK.exe
| MD5 | 5f45b8260e066d4f78a35a908a5ab5fb |
| SHA1 | c13da296846bc5193d0f70cc96c438222575e6f0 |
| SHA256 | d188fe7cf3777d51696207f6ed89d57cb6369eefe630f2310873d62b48be0a4d |
| SHA512 | f09b6aec4af7f7dee7c41745974f19da1906782f99ede9a9b7fd8b2a87c36ba9b25c9774c7d8b3dee60f3d35439c4f90a587e2405cdb58ae8db8f2c178ac54f5 |
C:\Users\Admin\AppData\Local\Temp\qQos.exe
| MD5 | 5557d9a22324bc9f30b57685539bbc0d |
| SHA1 | 4516a8fd6e202dfc2c3d88e7476fb77f852b7128 |
| SHA256 | eca64b6c5e0efc0f0bd0fd8146d97f7620d01fd61cf48333557f76c4803697f3 |
| SHA512 | 2b5482a00ae3b1cf89d228aa0c4daa0998ba3bf1118d32a3b0ab78c4934d34316bf4c1ab03a14999c945f4e05526cf8fa6d9a0f3c0191fcf2ab5f21c76ef1663 |
C:\Users\Admin\AppData\Local\Temp\BgMEEEww.bat
| MD5 | 77c1c0b2b6822bc6a7a250858e24e27f |
| SHA1 | e085c01a0cd960542d66113309e292186d7f3db9 |
| SHA256 | 314e96d7e127bd4bbc31b8c28f912a980a5500c3eeb2538d6647f2e49d52a150 |
| SHA512 | 29c725f85d47be805b37a800cce5c4534b314dc2966e1b5d5dd92b1d15bb2c3a0b96231c44ecf81b150d851863652232d66cc79f004895952c4f8c0f5bcee799 |
C:\Users\Admin\AppData\Local\Temp\mUos.exe
| MD5 | a0de768d0d054f56a9b63d521324ff73 |
| SHA1 | 8f48612aa024af2f800ce5044bdecd4791811fa4 |
| SHA256 | 278aa470d947eb6cc620f56c346e5bd5bb3a13bc2b3a3b3b2663eef6259ee61e |
| SHA512 | cefa2dbdf6a8c4b9b3aa1c064d6e88abb97011d9ec540913453eabf7c0d1efa8d5325166199abd3344856acc6aa6c611e06c0a061bac5da7630a820899de2bb6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | e12c2d5f73fb10a54b4d766bd7a93ca4 |
| SHA1 | 19093357b7d5f2b6479f1f9252c6f197701d10a4 |
| SHA256 | bec0e51b6d1adfa9a7c4a38127ba2000f0b25e2514853a0ffab204fd6a22dacb |
| SHA512 | 366570e1600052eda085ab91479cdb474886633a7bde471928af26466c833f39688614da8b6dc4848f6cd91ce34ade2c19d68e2846d22fffcb36e39f384878c8 |
C:\Users\Admin\AppData\Local\Temp\MAgG.exe
| MD5 | 8adcf43e6106c5d0bbe850cb77d90ee6 |
| SHA1 | 6881ed30feb736b3a161ec64366f123d04be7432 |
| SHA256 | 71e4482845a6d6139a88e89d3559130dbd5e28e2a47bbf45a474ac850c900718 |
| SHA512 | a450d9e3412f8f77b08e8beb0d2bc16c357039b432381464e9de2995cea60af2b0d7a4586659e56ba8ba3d3ff66f175fbd9e5510db8bff42006eed91ec845aff |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 871d295e760b4393babc339608e23810 |
| SHA1 | 8c08c009ba1a819b84acb14d22954cc0fe9cf9c4 |
| SHA256 | ffe04cf4e4c2657609d085ff31977e8f889ea76763015a7694249cf6ce344ade |
| SHA512 | 07108d3627c36625531d6c9ef0cf697896d6a7476519b796c1e911581949c13d268fb3de6acc59e5e6aac392acfa002ae5115cd15b9594dfc1a98994dbe3e3d9 |
C:\Users\Admin\AppData\Local\Temp\TqUAUcoc.bat
| MD5 | 9732f9151196f4ab14316e24ed359312 |
| SHA1 | 7467aec9610c6309a511ddaa8a3b932837291c04 |
| SHA256 | af3b238f4519b5bbfb51a4b0c2aa4149a39931a7eb456fbc1709c875d3bf2b80 |
| SHA512 | ac5555fc3a94e5a77504f4945e598fdb41d2917b7d1b39c950019384c50c3b86243442a04b8493c07fd75cf3e7c5bede5bab9c4998facdf7d95ac5c41bc3a369 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | b0a81578594100f9532de755ad4becf0 |
| SHA1 | 20294da1a982a2715559df0f98cf46994653bf3e |
| SHA256 | 45d6d11fb66ac672d8d2f2dc1e61312da46f5e4c85ae584382116837daa02e51 |
| SHA512 | e9d739a8b2df337146258a74cbcb21436814101627f786101a879f447547a775e4a402d3b9c2ae0ffc7bd51991cbc3ce4e411177e074671cec687a03bbd480d2 |
C:\Users\Admin\AppData\Local\Temp\CwEU.exe
| MD5 | a3f3fdab7c7f13bf9e77602e97b5cae0 |
| SHA1 | 0165426c18089f7565ddcb12f20e0db070f7672a |
| SHA256 | ccb39f696e0311b1f5329123c9e2b268e9191eb4df73d3c08b0b55347c5703f4 |
| SHA512 | d04f0db065c5cbb6f6fb853ce2c5d5d6b60ae0c7eafb776a2024ecfbfcb46a88d99e46785a2fc97f3e52efc739d67df60f39ace3b9546c60e276d4cf22758179 |
C:\Users\Admin\AppData\Local\Temp\okQk.exe
| MD5 | 765084b73e386cda985213f186a0a4a6 |
| SHA1 | bc86950c11aeb2f5fe39062c3dd836ef997a3747 |
| SHA256 | 730efe4b6d1c8f254882678ebe3f88436050496148fdc6dba4ffb8d520d2baeb |
| SHA512 | 43574da83e55ae516a1248d2f269e438e9be8ab6312e1cc072bf1cdb3487aee975556c557450b70a9451e72a3af75836c2e193ac84110a36d7103a4c1fa34fd5 |
C:\Users\Admin\AppData\Local\Temp\qsMG.exe
| MD5 | fdd758ac04ad234037a805a73a6406f2 |
| SHA1 | 92a85be332bd76f9f3913d3b9473c855821f8f2b |
| SHA256 | 27849d12c9832e38bcd6d129fed4a38c69d26229fc9531fadb058c68aa42a9cf |
| SHA512 | 5ae33d4fc2af6674dbdd03249400b374af9cb46247d035e2b8889c37781fbcbd7f269e6704366f309180d73bdc4926bddcf187501a85eccb7768a75904971ba1 |
C:\Users\Admin\AppData\Local\Temp\MMcS.exe
| MD5 | d12cc4c4d9c140c056ddd262444c54bf |
| SHA1 | 4f0b031d84cce03d796708feef3a20cd0cef924a |
| SHA256 | 2fce4053606678ee6daf231da275eb761dbf1508d494274148407c798775059f |
| SHA512 | a8a2c4d0f4b142e95e53861962eb466ee0d34a686c1e2029080e8d9b0f7ec2deb40b8fcabc9d74403916563c98d36a6e8086631fd1c9876fa691f49d53df9243 |
C:\Users\Admin\AppData\Local\Temp\jKwUYMYg.bat
| MD5 | 36b441bac9f44d5f3537fa7ab4af8109 |
| SHA1 | a7b28999c55977cc6b23d90664b888ad0b1615bc |
| SHA256 | 1c36148506662d56a9e9f87436d6220eac655e17b60595dcd511f87ac2e189a6 |
| SHA512 | d1811e463db38987a92c802f8ca55492480368db193a25d51e55a68a06adea77bdb7d12f2af918598587bd2ab8f776b2230c2c97c1aef3d90f62a3f7187a6e38 |
C:\Users\Admin\AppData\Local\Temp\GEYU.exe
| MD5 | a40e050733fa28ebd415ac2968febabf |
| SHA1 | c2729fdaa1bc30acfbec219769cec2fe2e50e681 |
| SHA256 | 9f150d9668eedca2eecece0efba5546ff2d64ea4242c805b751a0a85a74d5ba3 |
| SHA512 | 6a82c84c07eccf113aad6f6c8595a183c1a3b2fc8ca112dda511d6bba2575390b433524ae1bd0bd2f4e723fc6d96a42a989023d28fe21af561aeacb177b8c4dc |
C:\Users\Admin\AppData\Local\Temp\mwMs.exe
| MD5 | fcec08373498a2a9254bb27fecf8e4dc |
| SHA1 | 12115487a0361a4a8f2a4b48f8a6656344080f05 |
| SHA256 | c0ef4d08b39e9eb76d9342550eda32e9a6e60972b1e35da8a794b98de35c43a4 |
| SHA512 | bf17e530e05c16cd841f85425224ad31058626a2d08e030460a143b98c5d3338ccb5009a3fb5db6ce335299ee45ff36c63c310add82012374e2f0169c85a374c |
C:\Users\Admin\AppData\Local\Temp\OYsO.exe
| MD5 | 6b6f8d7620ec0170e1df8498ee22af40 |
| SHA1 | 071944d91b65f6ca2419e1a9eef7fa0ef6c9381b |
| SHA256 | e3e190753f38ebef3536f0373f96e49636fb1dc9ee0a7ac204d45ac1f8fd40d3 |
| SHA512 | f3faac48037780fd0916e59cd2abaa18d9a35f53c812485782f4a8254a37a0d0c8df08a6d0365a9ad2a61cfd602f05020268b89c29f24e50eef99a1bdbe09d66 |
C:\Users\Admin\AppData\Local\Temp\WkooAMMc.bat
| MD5 | 23e39eca26403877cf036129a0582184 |
| SHA1 | 1adbdde412ce7071e4cd9b67507f5db9d670516c |
| SHA256 | f811a576b83f0a3e31ade1fa7abe278a59be1c1baf6e1274cb47b88273030fa3 |
| SHA512 | 97fb24281206530a4a1c0b267fd07bad199962e9ecb5cf394950063f7f16aa71906eb1a04d21ea5a67cdef200bb04de6b6c8da54120af0ca7210324acc35f2e5 |
C:\Users\Admin\AppData\Local\Temp\uUoo.exe
| MD5 | b1a25fffe748d600eb6c5045276f8453 |
| SHA1 | 34009149c0b8686d4f90f32c684bd2659a578095 |
| SHA256 | e41e310c58766937772cdd9ea52a5436609ae43bbadcb661970275d038b41600 |
| SHA512 | 65edbc96243e23b5879066e717d5de5af45982028f687c745e511c5ed274c11f7b82c4791f7b35bee4aeb910b8563c0707da4bf6126d5b1254c871943123c9e6 |
C:\Users\Admin\AppData\Local\Temp\UEYk.exe
| MD5 | b82edc89398a3add17294d94b0d1910e |
| SHA1 | 459e6a04e4d5f9dd0f329d562d420eb2afab8827 |
| SHA256 | ba8da5e08eef1ccef696ffe01ebb73f5e9f627320b2e072f75faf43fcec63316 |
| SHA512 | 539a3339b199421b2cae17f824d4f0228f712c850046523a5540e86947a71584e5382f776792ee1d7e5b798b9815f9ebe933673421388a44e8d51953c0397554 |
C:\Users\Admin\AppData\Local\Temp\QsAS.exe
| MD5 | 28aad799b43a85772b35932dbd85ce5f |
| SHA1 | d202ba4ff4a6f946cbaaa83eb94af74e79cc72b2 |
| SHA256 | 7694196753322ad0dbb4aa47c7d8965ecaea5436d11133a8eba3c59e41267a98 |
| SHA512 | bc052f87d0e94dbca7405c9bcb06bec6d70a1574eca33800ff9a2d5c45be292bec9844a4e642014d0ccf1db93fff4437b34c4c84d305f3ba2d7fb7b18586d187 |
C:\Users\Admin\AppData\Local\Temp\EEsUIcwQ.bat
| MD5 | b28b8baa1f64a80d65f197ed1315a578 |
| SHA1 | 5a08fc6c3254470bd83c9e492cdd2cf7ba4a7a7c |
| SHA256 | 14b0f0c7e5341c95ef6b11066bb19fe24877a8da553ccf278a8cd44b2e569d4d |
| SHA512 | 665e3cddd82b93d32f58e7200040624a152543ebf8693da3ecc8bd6eac90f339a38531939cf27ec32d962415ac286160514ffcd08f1fa6381d135cd5fb1d552b |
C:\Users\Admin\AppData\Local\Temp\agUS.exe
| MD5 | bcfc1182226aad89eee46ae324dde0ad |
| SHA1 | 6a5d1590da744ab387456eb7ca9d411c28be30da |
| SHA256 | ba2c5b6e91b678c7d980cc0adf17f72f0668bc60d853c572e238b65cc481c898 |
| SHA512 | 27fdd74a98497306843b25b97dc4801148cd9149aec8705ac571f0b0feb9074f24e6c50849690c778096e59d77c45befce1cc72987b6fde563a26fd117c97473 |
C:\Users\Admin\AppData\Local\Temp\QYYu.exe
| MD5 | 3e655f92c84ad525bd46d5cadc26b8bd |
| SHA1 | 9db078d40730a51aedd50cf4c88f667d3d114c3f |
| SHA256 | 16f19fd80035b6fdcac972c3e166860a7eeb9323500a3606fae311c2581e0dfc |
| SHA512 | 1f4ff8fa14cb364484d701c3daed1e6470421db454ffc2b16df2ef7c262ed27caecd4af908d54ec17752bc2f6423710dc401b3b3652817e586a2fb11bc60edf2 |
C:\Users\Admin\AppData\Local\Temp\sUIk.exe
| MD5 | bf682762ebf6020ef413e4b3dd09f8e1 |
| SHA1 | 5ac239399d159834419eecd64076adc5214edd3e |
| SHA256 | 00c413143281e2258cd94b33047a7db38a44e51d8e26bcbad8d6c65f7088a92a |
| SHA512 | 294e3d72beeefe802085fc432947c076ed52de5be5381b4b472cc167209d67a065809c83c1d8aca5a408de9a8d1c54d61832a044889acd78f8948b3e5d7ca8c4 |
C:\Users\Admin\AppData\Local\Temp\swIYwIYY.bat
| MD5 | 5924887963bcb64f4f37e1ce5aedbf59 |
| SHA1 | 429c737a871931952dd14727049a21ba51d48289 |
| SHA256 | 7de095dd9ae189c03e29575398cae337f269530fa0890ed25b13987047708580 |
| SHA512 | 71b88b67371b4f9f78286e76de4d9fb67f27e5de1b063ad905e537585c6827582dbfa3ffa64b9235ce9859879f50c011946171d80735ccb1cbb192b5561f6b64 |
C:\Users\Admin\AppData\Local\Temp\uEkU.exe
| MD5 | 797ba2be40a5691c8489d523f79b2dfd |
| SHA1 | 2b5e51d8995f8621849e7c8cba90c08de9c95592 |
| SHA256 | 7d0157b5ab38e5f8e85ce0551e1013d11e16db01704162ba1318e732608eec1a |
| SHA512 | 68ee13093a047ef488b5617441f25d62cb9c63b11e228142be0412e66463abf7d532dd949242d45d02fbcc413b49ef5ed0f30912929b7fc6561e6d44dc43d171 |
C:\Users\Admin\AppData\Local\Temp\qAQS.exe
| MD5 | dad9c6788c78af79bac3092f5d521d9e |
| SHA1 | 4b8af794c0eda7d42c132cc7e27d7b9d255df1c0 |
| SHA256 | ef30b078d9bd0e3c86fb10e1803fe1747752db40f088d9f3b9bdce482d5a2844 |
| SHA512 | af8e748d974d5e7a6a126868ffa4542dba815bac3f5d23c5dcabab4930c49893b10fb9d826597cda1cf8b9a438819a6927ab4294e836432d053f94b1d03722db |
C:\Users\Admin\AppData\Local\Temp\iwEU.exe
| MD5 | f080ffdbad123397c9faf02b43d9875b |
| SHA1 | 910b2862a5fee59b0281aee98c27b76b2ce0fb06 |
| SHA256 | 2a86b6c05a4f5a62a9066df895a9a7afeab4d94e3843efef096cb8ed46687e53 |
| SHA512 | ba47602129b65a360deaf9d312ffb6a799c630a7042cabe1b6f19ecd4a368c81766f7edc449381dd00ff2cfdb5b1a3ce5107f017028b53ef63906150e0a64814 |
C:\Users\Admin\AppData\Local\Temp\cYEoYcAg.bat
| MD5 | f92f38979c395b28eea894e17acb0b20 |
| SHA1 | b75c6e3665441c734c19c0b1580a9a677eeed8ce |
| SHA256 | 5927004e19eea0bdd6a6eba1130c90d71092404175ec0d98f9072e3d5b88cd3a |
| SHA512 | 02c4c31469c08753195487acec54aa555e853ecece1ed60f41f38e428d6e39bb36c3bcdca042a9f185d03a441cd4e1db1f2f6e754ed70239c9003aeb278ae4a7 |
C:\Users\Admin\AppData\Local\Temp\ukAC.exe
| MD5 | 7ca21fe1c270f0b078c8f71eb9d41a82 |
| SHA1 | afe82c6c99a5a4d5d101524ae670f458f9ad3382 |
| SHA256 | c1f43bd36fd7f73cc597fdcee502cb3dce3ca78b99aa7fd6e7ac400359292638 |
| SHA512 | a9b90d792f4ba80d9e3e9494e3f8a4e76610830df74bd39e3029282445321bc429046448239d2e25c7a11d3c721b99f7fd70f2fea34898d68c54631256c53bc6 |
C:\Users\Admin\AppData\Local\Temp\CIsA.exe
| MD5 | 52f22361dea9c818ac639d16e410de74 |
| SHA1 | ac86d14e9e67fbdcdbf75ca930ffbdab4131383e |
| SHA256 | a00b99e99a7733a791c19aacc461d5fe790938dd8bef9ebe68d26250768a99d0 |
| SHA512 | f695bad2b7520c1390134c7fa485301daec3ec3f424c15494d293f406de71653911c53370da5fb1da4700e95ec361f22b7afe4fd52dbeb0e37f592ab9732d68e |
C:\Users\Admin\AppData\Local\Temp\fKUAowYs.bat
| MD5 | 8c2c4b0c8030b85c46561d831d50812c |
| SHA1 | 630037ba55efd1395340c896b7bf10326fb90d2f |
| SHA256 | be23b7d05e9e6fcb524080461da9e155f8dfd6ea5eb781417d7b1690de3c4d35 |
| SHA512 | e0e816cbec8bfd5daa86bbfe9d579fe829c7cceb1406105546799542c954578512d08f19ef89733336aa21b66e7c883c2260a3425251f1b81234962416294c56 |
C:\Users\Admin\AppData\Local\Temp\CEEG.exe
| MD5 | fd13d6948a7b99812dac46a2d416998a |
| SHA1 | b881ef46cfcf1489e73edfecc43df90b692aab84 |
| SHA256 | 1a081191c17dc8d3e6753f083d10b2c92de78e34bf52275e27577aabf8917020 |
| SHA512 | d0175721cd296a93d09eb2c7744cf35d8d7e601922165fa19c5331b6e982c4dbbd7a71a001c4e585542726bb38281801d25a7c143e3ba093a1964fd7e48f0566 |
C:\Users\Admin\AppData\Local\Temp\wEEY.exe
| MD5 | 378e66d6dc702aa6e1fd134dd49d4468 |
| SHA1 | da21efefd0ddafc6de48f992ed9f0ef6f76d6b87 |
| SHA256 | 4297baa274f7c3571e9190ecb0506fac80e9a00f9e76cfaf1c71fc587ea1cafc |
| SHA512 | 67d4b735527ced076aaa61edff23440a410543a3f281804eee61a396d956de950b1f0630bd50a7d8db80fe6cd09d959f42106e2d1c2a0f99364c83f055221f6f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 61929bfbb41871a3c0e4da0839777768 |
| SHA1 | 256505cdf33aef7e4d75ac8e64ba9040d9d78a9e |
| SHA256 | ab18f75d0cc51444a909bdd7a9b52840f6779bd6ea46fe08bff4b784d676cd79 |
| SHA512 | eae34627a086bf09b814a1063adda61c06a7dfc7aa37d28d06f6c14e5fbdaf3b1c109f74f213536866cbfd71fb27ffdb50a669f885f90494d5960743e3d278c4 |
C:\Users\Admin\AppData\Local\Temp\xUEYwkEY.bat
| MD5 | d05d3e4538e0cfb93f08627a9febf368 |
| SHA1 | 216db92b4288dc8b056290a36bb954680451d18b |
| SHA256 | a8a1f7eab482d0c563d7db26d3af4d64edfb723b0702f3697bd6d1351d012676 |
| SHA512 | 5f063ef5a3997975e5549f4b6e294576ccdfae1e246ffe26fe272bf2198b796dee7599e550891c1c55efc284534a43da5324da37ce8111c79d5a3c1774e17a37 |
C:\Users\Admin\AppData\Local\Temp\ysgE.exe
| MD5 | a882712134a4a606907e152ea296d583 |
| SHA1 | 4836c294872743cf46da904b94ba1f1de3ec68fa |
| SHA256 | e92b76e0efec8f74b14e1c835ece7382644bcd2e8709805f911d2827c0db157e |
| SHA512 | 14814ad15659d5a874246a3847f25a9dd72fd0466661078dc6b48be6b974b0305e2acdf300750ad78c481c46121b19c30e4fb86c023c95643816cdc5d2a7fe8e |
C:\Users\Admin\AppData\Local\Temp\zSwIUIoA.bat
| MD5 | 44d45b9af05535a5ed91e700f3a197cd |
| SHA1 | f54448f69ccc8ff944f53b309c4e8ccfa41b9b8c |
| SHA256 | 685512bd1296c8608f80a23d1d8bb496274a24a10f8d929d1e3a81aea4a7b69d |
| SHA512 | ee4a7a43aa58ace7e4ad6b6a9112c6bd0c2d666412ce0bdb8e956c1cd2e322f023966df9a3433131e0add34f61c94067e35051b593f464107d48562d1ec0141b |
C:\Users\Admin\AppData\Local\Temp\fekUYUQs.bat
| MD5 | 3a75010405f72ccfa652ad4f5c33bff2 |
| SHA1 | f79150d34bea725dd6b7536fa99ef99dd88d550a |
| SHA256 | 024e9bcef9221722607905c60ccac6c2e7df2a8ac3663ae57ae65a0479912594 |
| SHA512 | d49b50cfb0206a0215bbc2f60e09dfd4d7453431f2351db27d216163842d4a84692b3f8a8c530fb09ad3e012dbb55a29d533e24572e1a960e0e4f6d25ed43a5f |
C:\Users\Admin\AppData\Local\Temp\GsAw.exe
| MD5 | 641871f0f80683f0930ecf7b31f5d7a9 |
| SHA1 | c3f7f71139d038305fd55fe5c076561c3b91cf72 |
| SHA256 | 819ab7357e66b296213c84e0dd8acd38737d1444af2a92c68020fe3a1a169f90 |
| SHA512 | 6ce51225549312ebff0e52168369bb2f5e0309483c35f5fd8df9e80c7f9839e330ce2eb7a3bf252e33ad7393a37264689b0033fc75ea0bca2a6b2b953b553d70 |
C:\Users\Admin\AppData\Local\Temp\aIEM.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\KgII.exe
| MD5 | e3fcf72072422b94b4269ed4e9490ea2 |
| SHA1 | 6e5d45d93f1830b27564088d166947d24a84670d |
| SHA256 | 550318e4c0a719ac1f59238ec6a28825f7ae9a5a7a2a0629ae78701883f29391 |
| SHA512 | 8b8252392e947085fdffa86e0d579be45d9318b643331dd163cda224e27b1009e50ba17096d99f545c52aff7789f0494f02d1a41361d82302f70f3580506693f |
C:\Users\Admin\AppData\Local\Temp\asMYccME.bat
| MD5 | 1423b497c35563a0a8d233be9541d16b |
| SHA1 | 5ce4cb4e9a8d6c1a7c7eb71d6e0f0c93e87e6930 |
| SHA256 | 692fdf160004b83e14804edba1c9c8b02ef8c85efc547d0855315cd939925ad2 |
| SHA512 | 1fdc9244aefd26930f3c89d8d45d95f7f0257785544df4ca177927c3e1482e9845184471e7748d55aa24f9db9ab6013aee0088ff9aef62a6c904fe27b0e9b9ef |
C:\Users\Admin\AppData\Local\Temp\mwEC.exe
| MD5 | 457c56c7cf74d45a501709cd49f2e3a7 |
| SHA1 | 0b9b11d42dd99c2859dbe184887c8f6b09eb86ca |
| SHA256 | aec090a18f3f7002d324bc94533a8cd150f265fe8af3e2275013cfa5dbe4a57b |
| SHA512 | aad57ee8170c04c4b231502b122ae2ee3e4a5bb2f63a262505dcd8813b6876a9c1de998e803e89962cbaf3f34850e6b54bdab39ab9325ac74af0c48ce2fef74f |
C:\Users\Admin\AppData\Local\Temp\UcYQ.exe
| MD5 | 2a5bc8a5554cf5f27b9b886bc3225722 |
| SHA1 | 5159edadb451bd6e2f82c118d3a2fb822fc7bca8 |
| SHA256 | 35cac03c363031b8a0ef773283f750b42f74d9baaee0812799d8419c52d7a20a |
| SHA512 | 7216e3b6425ba5ae9229ffc7185fb300d33bfe7bad317826a5372e55d7cbe8cc321de3a838c2f3a3c45754bc38ad2949241995e672673273f58cc87d775e498a |
C:\Users\Admin\AppData\Local\Temp\sIoa.exe
| MD5 | 6224847788bf923e8f13e431f76069f1 |
| SHA1 | 496bbf3291d2ef19788c28057da4ead19341bbc4 |
| SHA256 | 9d520f7df5d48ca986464a8bb560c76513ea5553d2b0150e3ab23b60e3d04f6c |
| SHA512 | e51f7494a7ab7e94470e32e287e5a51ffaf271d5b8c66aef70c96b7b00fcede4760894092c126a6bf304db2aa518428e39cc2e12f2bd39a46fa346f7887be1ed |
C:\Users\Admin\AppData\Local\Temp\KssI.exe
| MD5 | 2be08f7b38f43c455a4ff9cbb748481a |
| SHA1 | fdd43ecf81e3bb7762fd10ddac89fb2556df1457 |
| SHA256 | 0cdad5cf159395607f4a806a07038fb4e5c5ba33de9c7e6602273b2861d48c5d |
| SHA512 | 002b58caf6d5ec30518a3a48455ae14baeea50ba0043323c25803f00c1c464aaeac5624a6a7dc9f0abb5e70ef357860561bf97f148f3af20bfc8a95dd0460110 |
C:\Users\Admin\AppData\Local\Temp\WkYi.exe
| MD5 | 8f7beec88709a9f7e4df2b8e2682698f |
| SHA1 | e817b9e0e5d52a551fb8dc02a4d00d66e2e1efe1 |
| SHA256 | 6f31349618471684e6c5fc2d233f70d1cc8551fd4019410804ad14a298ab44db |
| SHA512 | a622a298cc268d9b7e30b812ed6d2bb9bc5e94afb701341272167e133d139551d5c8d939dad8598a3b2970487bd49d4df0b720dd1a011fc3512af6576b648414 |
C:\Users\Admin\AppData\Local\Temp\mOMYEgMo.bat
| MD5 | 335bf635d1b8376d1975e371c7831eb3 |
| SHA1 | 4941a04cd7a91e48d47c217abdbc0ef2af5f617b |
| SHA256 | 3bd3db9a8b1ae99972e42a64e3169dac3466de23075daaf36ff898a64a8b1a7f |
| SHA512 | 2765e1857725386fd3e0e282872e875e954cbe8f78407d40f9c054ac66e5755aeae485f3afe056cb16551d07951f845953a2c53017e85a40c53a92ab70a8410b |
C:\Users\Admin\AppData\Local\Temp\OgoK.exe
| MD5 | 9927d6dec2eb15c2ed9916480f7e8e3e |
| SHA1 | 7e44ccaa950a9a81844042e9553a41bfe1fafc70 |
| SHA256 | 4674b6932889ce511f29af17b80b64b6e8befcddc60baa727b40a1b208d09dea |
| SHA512 | 006b23cbea7f1e26d4e5fd4330333b3321418bc019428c8b120f066b1fe8a4c44211343cea7221c5ff768d699090f1d4b99e9fa0e0999d9d8dfb6be4059e5a9b |
C:\Users\Admin\AppData\Local\Temp\ykUU.exe
| MD5 | 98738d37bf5ec11427b7d86e035023a7 |
| SHA1 | 1f3cfa063d3bd5ea156b038099f114eeb2a8f006 |
| SHA256 | 3e0aa4f3fd2e2925f799e7c9057b93f4845e7e8e608be3f5b532997a20ede371 |
| SHA512 | 2918f0b544db403697ae3f7f0e3c26bb1bd16f7f9812be525155cdec1ac367e9fd9d83a917f57340f4902a2b141d58be0c3f144ace2dee6b5b424583e7e91bcf |
C:\Users\Admin\AppData\Local\Temp\sIIc.exe
| MD5 | 494149fe649bd148b41102d58d0f1640 |
| SHA1 | bb25b0424cc59dfd42afe7f5a65112c6d2aa5dae |
| SHA256 | a91659139190261dcd4825efae9b489ab7375c8103ad7b4f4632399f36644c28 |
| SHA512 | 7b1b6a43623e799095badd582a3fded2885851232d6ec88f678bac0f95e34cb497ecdc9c23046be6edd7bd81a65a7152d855d1f79356accd360c78d1a85568d8 |
C:\Users\Admin\AppData\Local\Temp\mkwm.exe
| MD5 | c795877ded4f73c2d06582ad68540269 |
| SHA1 | 7f1d52487bbafb3fda621c8f3831f9a56d01d638 |
| SHA256 | d896076c591fba2306e74ece40f2b3504d7ae82516ab3bc2b10e0bf39d80a6bd |
| SHA512 | 1d1b04e4facc038d2a12d50ddc699a5ce991e29b05d692bc0d3612988fefdf6f44e7966984d97904cb86e2077a2ff8caec081d645d833c41cf39feeec1abbd9c |
C:\Users\Admin\AppData\Local\Temp\yIAMscUw.bat
| MD5 | a87444e96364386118c08c31f87809b6 |
| SHA1 | f31457730890500cc3d8dcb448a5120b0e964e62 |
| SHA256 | 2865bb14a0ccd11dd11b1100677724e1e16dbac1a23068593847fa9d59ffd2b9 |
| SHA512 | 7442616b1ecce62834ddc3e3106a20eab00516e5d05935153db35282d9a0491ca55445b8f58164b62782843ee24664cb133bf71ee9a1b2f61693218e1d34623d |
C:\Users\Admin\AppData\Local\Temp\fsEskkoY.bat
| MD5 | e8c1790035fb17f4fbf033874a13e781 |
| SHA1 | aa63c9e48434591e486ee4a341cbc3d6a6c5fa55 |
| SHA256 | 9ea027e52ed701578ceb781fc37018f0a8b9f9b673acbf5456d6feba4b9c4f65 |
| SHA512 | b10843bb0bd67d872845d331c195f30793c28371bd0fef22d52b859f8d9ca8dccccfc4a0bdbe295ab90a55c89a0c759fdcee90711bcfbb3b5ea2c94e06ddee41 |
C:\Users\Admin\AppData\Local\Temp\VeowkkwI.bat
| MD5 | d1f92c03e2018d7621c8d564d20cd3d6 |
| SHA1 | 725ea0ef9c54b89a57dbdb3fec9941a42d3244ef |
| SHA256 | 2606c189e72af59cc1bb5259eb2e7a296dd03c605e83c1a5bb8ca36e02019b3c |
| SHA512 | 9cd61c46e0f16d521b4fc39f337884a877d9b9f754b62929996abeca4ab07b26a45a39ee7b4f2c5b5c3c2b3274516905001041034da9b75500728ef8e9e53dcb |
C:\Users\Admin\AppData\Local\Temp\jaggYsoc.bat
| MD5 | ecfa1dd6e7168aa01e97be335b56fab5 |
| SHA1 | 8735bf96f4f8da2507171e4a7406f421bec9212c |
| SHA256 | 1b087727f90128f35c6084dba1b04e23d178abecf3ba77cdc6ecc68b746dcee3 |
| SHA512 | 961dfc5333398c05df0b2ee60035de92c26b864705eb3a7e7c7bd9300985fb71ca369e56687240833460877b5c44cbb03f4cdb6432d1bafbe630e0bfe9a56d05 |
C:\Users\Admin\AppData\Local\Temp\PKkwgAgI.bat
| MD5 | 53d5d43aff8521619ba727f83be2efd4 |
| SHA1 | 66b58a57281933f3f53f443b08ed5209b5b98690 |
| SHA256 | 64881f1cc94b9839a2b06dc1a0afb317c80a336022a6fc154dcbec72ae1a9a32 |
| SHA512 | ef22845866d8f854f47c9e893a8f2e1065b77c1457fbba62320e960fd9fbb475f5e03048ccd3354f16e19b5fffb72aa314e0036bcfc5293000e3df5e81f55d6a |
C:\Users\Admin\AppData\Local\Temp\OYgYQsUQ.bat
| MD5 | c523f841e08bf1cfdc8a546a6f5d3bcf |
| SHA1 | 19aa2ffe48842c28c120b68e4c18ae1725994154 |
| SHA256 | 9c3f69dac251225cf03112b825a108869050e44ae4dec84dc4503bb787522d22 |
| SHA512 | bc43c08a2e758a9b9bb04a7553e69b12de36b49e6cdf25237f8e0351b1b4b850a01255cdde7d3abb0a1b0309cecc7ebaa2ed2b354178c30eca003005bad3fce6 |
C:\Users\Admin\AppData\Local\Temp\AawoQUIs.bat
| MD5 | fa059bf8b28496e16debf5eef5ad1d7c |
| SHA1 | 898e750ec50b3350769c3e4952bad1130b47f825 |
| SHA256 | 9d6fba1a7acf0701bfa061b3b58dcfdc8108a03418a976e6ac9086157dbe6577 |
| SHA512 | fd862cbd2428b1f9331432a7777fda90ffc5a1cbf70ba4d6185a1bde3c89119a74baeda1c9c7ee17981e2bd17ce9a0313848ed3e4e7f1cfc50fee4b1847fc0d2 |
C:\Users\Admin\AppData\Local\Temp\iEgUUwwc.bat
| MD5 | 441ca69051b7d97341874fd2e8c987de |
| SHA1 | 29b48b2b4b0c4888583d29ff90ca4e6ada408cbd |
| SHA256 | d4d3991e2b982077559dc60e1337f951e47cb4ef600709d94de207d37e507251 |
| SHA512 | 153564e803b894a182db9367c8cf7514453743b5e1ebb4359472d57e5393219aa4c24ebfca46112804ac7b519eb1c4174dbe3fef3007c1e136bc90cb7033264a |
C:\Users\Admin\AppData\Local\Temp\AOkIEgwA.bat
| MD5 | 803f3ccca5e6cd266775316821bab02c |
| SHA1 | 380640835d27bd69685d565bdd6a05cc75e577a1 |
| SHA256 | 46fd7d43c4d90ff2a507dceca099efc6929fe40ce1d71cbd4af3980cf818a61f |
| SHA512 | bf1d14814963bb1523373dca6a9f6a2e757c003c8648045b8f7b69b85b6ae8bd465a26d6f9a4786e2929b40fef107a6cb214b943a7420302e1907fdcd1912d34 |
C:\Users\Admin\AppData\Local\Temp\qqAAsocI.bat
| MD5 | fe0d5b1da817966bbe524abed2e21743 |
| SHA1 | fd8c65221d5078c846c8b81a184f522c663c7b7c |
| SHA256 | 15ce6f05768e04cb0c99a5ad50c7e5905cbf129dcdd0cada3b5ec0ac561ca1c7 |
| SHA512 | 8019cfe53e22d3d99deeffd9a37871429e3d38ad18bb508dce7c3f8bfd5d8d48338e27ff8c4d494ee89062f22783c84bab42cb4fa3602bacc68a2cc22d064a93 |
C:\Users\Admin\AppData\Local\Temp\JUwokcAo.bat
| MD5 | 57b50ad203938ab5121eb309bb66a9a9 |
| SHA1 | 7eea82bdc33d07fca038e890d6db61583f518a73 |
| SHA256 | cf08c6b37336c6c1b1cdbc1e101799f71833d4f81abfbbbfc320b50a67518a79 |
| SHA512 | 91cc5d22a44eb85022ace3be87f952db490b4105d95b53688f31ae3d28d98aa13468d92b7224fe2b9fea5086380980d3359905706f88d51384cf07c0b6c46501 |
C:\Users\Admin\AppData\Local\Temp\JKcskkYI.bat
| MD5 | 79756a023e9b112bb51b013e5fd3d4de |
| SHA1 | c6ae4f718cf494f233e0d4fe5d9bfeb88a52d6be |
| SHA256 | adc32c46e03674fef1000f7a1beeab68f98371a8e6d42d69165dd52e541ab6bc |
| SHA512 | 966ef5bf6f6c79a027ef873e6ea6bc5c5b90af66b9034a07dca9f7f40df5f168dbbf6986d8527f7ca546ea198ff372832585e586ffb28d1c96527be333f2498c |
C:\Users\Admin\AppData\Local\Temp\NsYwAwgU.bat
| MD5 | 69e36ad5b7f22189bf114a3e16d73a54 |
| SHA1 | a26b27b2633c82dad8868f554cf857003d28415e |
| SHA256 | 88c8b48181d6739fd06570dc8788cade9be286be6745b406f24c8f29957de05c |
| SHA512 | 50170514361e3e460f83644992d4ac5c21bd100eabfbbfa4c9b799ba34190e20a400e77bfd1be8589b3d3f3be6a1252db18730e1f1b5b0f7c26175c2324bef3b |
C:\Users\Admin\AppData\Local\Temp\lMkMMcYE.bat
| MD5 | fb4e7d41e43c8a536fff0ec1b75880e8 |
| SHA1 | 164decb7f538009462c5a729ce03e6d357bf925d |
| SHA256 | 41ab5233bad67bd2e47e340ba84163a075dcc3c3bc9542944cf850c32a094b6e |
| SHA512 | 7801d8d56f74481b7ae138fcc54c1a75ef0c87ec33ee585258eb4104b0a00bf8fc922714c834c3fb252ea239fd0a95897278fc2444b40947bcd12b24c43724fd |
C:\Users\Admin\AppData\Local\Temp\fsQgsMgA.bat
| MD5 | 1e1799df0aee84159f261976e6ec7c88 |
| SHA1 | de48aab8392ad7ebeee3620803f5365f28bd59cf |
| SHA256 | b6b6dc277dbd75f5b9080f3a08b68e661d39964e9e6cb424c10742a99196c308 |
| SHA512 | 59321427d16fa24beecb06f1a31d668c44aee003d12ba40c85d6cef12bc1b45d28c1db1b7a095bab08cfcec9c49a2af7040d6efdf1d2f9eb82f5308b49bbde6a |
C:\Users\Admin\AppData\Local\Temp\gWwccYsA.bat
| MD5 | 3dcc9da207b62008b61597a66fbf8f5d |
| SHA1 | 194d42007c5de14b7637a29cbc71b78b5922b7c7 |
| SHA256 | 651d2f78bfc46ddf68743319ec1e62e0944d480add10a3ad631ca13a09b7fdb3 |
| SHA512 | d0e1bcffd5af66edaf82629d77ee3d8015bdcd6b6c6bf05a282a32d3df7492f93cd02f2c80769b53ee6aa1fb7686c3b3976dd651904740fcd3d2c11d7763cebf |
C:\Users\Admin\AppData\Local\Temp\UkEkQwow.bat
| MD5 | a6fa53890869a0daa2a7d9126506e8d9 |
| SHA1 | decf56d6781796763edfad38db3dbfd7dfdf36d4 |
| SHA256 | 293de2421b71a7e88c10b063bfed2cdbf4e0c2179e04a42ff20cba369c57b37c |
| SHA512 | f6414f501e76efc9ccb4aa242c9be0a307c766039a034ec82f4cf77f88debc79bda4c6d129caf4903f4af58b2f877757ce578abd3aebaeb089f066ae29f2f9de |
C:\Users\Admin\AppData\Local\Temp\mUcYYAQc.bat
| MD5 | 651f6edcf8940ec4093a18728aa3259b |
| SHA1 | 8f55c7e67285b45194b621f7d554788a1e92b4bd |
| SHA256 | b674fe1cda1f7bd401da019981095ae85d046c71c4862081914af7b0561227cc |
| SHA512 | 07ce0585385512dc93bdfad7799d9c22b0dd4138649cf8fbda3a185951f839152e8c3b33190eaf09252c09913e7404cd6045e38e1e109617173e2f4176a8de82 |
C:\Users\Admin\AppData\Local\Temp\ayAIMMoc.bat
| MD5 | 14fd17ab8148916c6aa463c93994463c |
| SHA1 | 7f51f6b1835891dbdb48b1209823f81f7c2fa026 |
| SHA256 | 8cc895bdfa6642da27f299467835b3ec23219416f2c952f8a2ce2fd6c285ade6 |
| SHA512 | f8bbee7ff778537e37724742caa0ee9716a01376e017b5dd6aaa067afc804ca8e8963a8b6e023d42c5db9bd69ed2bdd0087f95e9971d801419f1d727b6828ac1 |
C:\Users\Admin\AppData\Local\Temp\QKUoEMEQ.bat
| MD5 | 0c1225442e20a36cf2f5882583cf5ecb |
| SHA1 | 7c0f0152f0d9dacb5ba64a998138395ce3b41ef9 |
| SHA256 | 2f47eab7640d9667be0ff140850d18501f4a7671d0e265f9ca645111b7f17c60 |
| SHA512 | 976e06867bdada42c61eadd9eec82f6cdd7de3847e0d4f1562ba71d28594b20b0abe5bf76d796db128014ad894bb4c455ad4b106d66b049effab256aa96c6c02 |
C:\Users\Admin\AppData\Local\Temp\JckUwMoA.bat
| MD5 | ac4f2693dc63a6310e59bba1dd43c727 |
| SHA1 | 731040733a074de40ed41fd518becdb23d246833 |
| SHA256 | 843b7733c098dfb16aa1492080c170ca6c907c192c08d5197410f0aadcd827ef |
| SHA512 | ba6c5cd3731a353782c40cb4d01a5d5f932464058408d2e3ae799cb3f8787ce9fd8005b5476d03b014c0c37a86bbcc1d4a2d430979d58c37e26d86cdf32931de |
C:\Users\Admin\AppData\Local\Temp\NkgwMUsY.bat
| MD5 | 4bf4c0807521edafc2fd00a849e7ea7f |
| SHA1 | ee261ec02172c94787dc39ea331ef67b9c1d1465 |
| SHA256 | 434d786a6e21cbe9545838decc7c1380cd83696765d707a115eb30785534f12a |
| SHA512 | de0c181b2533d5d6584fff20bb69fece478df6612662d97b777a5176d4dcb4d2a6876c605d221bdf8288c97ef49b316eb36ad2c4890a4d827ecaa20601355a7b |
C:\Users\Admin\AppData\Local\Temp\XasYEQAE.bat
| MD5 | a7aa9e280dbcb60d1f3652d91417f7fc |
| SHA1 | 9d9e4f95a518d82cc1a44f87081ae1b47dd961ae |
| SHA256 | 20288625f8650f263c61b0afbe7a51f441e638bb03305fbe962f36dbf1086e51 |
| SHA512 | d7810fdbbe00f2b76158f87dbb7413cfae733202eb566a634092c5b05f0ddf983c44435c15e022a73ac054114eb5b88be15f17253e5cf5b8ead7926fcf74badc |
C:\Users\Admin\AppData\Local\Temp\XyMAUoMk.bat
| MD5 | 1c0cb56f2f2ff6ad80a3b5929fb91626 |
| SHA1 | 7501b55ab1ded389c4b4159b4ff22f4b250c8c09 |
| SHA256 | acd4dbe5385649847fdd4dd001cdcfb077686ddd81ce74ffb803d3ba5760f1cf |
| SHA512 | 8c4b536d5927665aa16c4b1f9ba5387e30dec6ecfea82cc1a6fa0ad7fbc34b9df0fe14b758e469a97f45a8512b43448764e0dde59f98983f6423280a4bdb7aab |
C:\Users\Admin\AppData\Local\Temp\uuMUsogc.bat
| MD5 | 5965810c2e1eede6715f9a75acc9b1a2 |
| SHA1 | 1ca685397fda71baa968193301829ae8f9dbd374 |
| SHA256 | a939896a391641e74ab055401c8d2b9358189e2d27dfa2b1d75660a116a9c279 |
| SHA512 | f638c5b81595c82c969886140c1689e5950e79b6544f5444586f995132d800a55b5e76d93993af6caef5612eab12e07509a66b2a3429b8590462f7547449f9b9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 17:59
Reported
2024-10-16 18:01
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (81) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
| N/A | N/A | C:\ProgramData\qAcsYMwY\VaMwEgso.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAMQoUAs.exe = "C:\\Users\\Admin\\ockAcUMI\\cAMQoUAs.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VaMwEgso.exe = "C:\\ProgramData\\qAcsYMwY\\VaMwEgso.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAMQoUAs.exe = "C:\\Users\\Admin\\ockAcUMI\\cAMQoUAs.exe" | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VaMwEgso.exe = "C:\\ProgramData\\qAcsYMwY\\VaMwEgso.exe" | C:\ProgramData\qAcsYMwY\VaMwEgso.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ockAcUMI\cAMQoUAs.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe"
C:\Users\Admin\ockAcUMI\cAMQoUAs.exe
"C:\Users\Admin\ockAcUMI\cAMQoUAs.exe"
C:\ProgramData\qAcsYMwY\VaMwEgso.exe
"C:\ProgramData\qAcsYMwY\VaMwEgso.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GQkIwAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWAUkQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NsEcQkUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\diAgYIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jKoQMAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JisAMQYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUIEAMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kskokYUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osQYkMws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwMggwkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAUcoMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lgMIAYsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSgsUEIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dGUAkIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OkMcUUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aeMIYUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yysUYoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ouIMggoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQskMAAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nwcYwYoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lyoQgocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YGoMgwYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GoAEkUgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GoAgAMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOEcYQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwgYMIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqAAgoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CKcscEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AsAUcsMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQsEwUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XccYcMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMEcQQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKkIsYYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IcgMIAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwYkgUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkYgscAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zakwEcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiEEoUcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmkkkoAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEAUQccM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UggUMIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mesAwUAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOcgQYMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIsIIgUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZeIQAgUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vgAwMIAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWoswkEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YwwkQEUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKMUQcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSYkQUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAQYEYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jMIQUUMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zwkQIsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYIcsUgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMgwQksY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoUgoogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yMAkgQgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RigEgsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsggYUQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqksAoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oSgEUkcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YugIgEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYEkcQQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGEwcoEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XisUQIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LycsYwUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAYIMsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bCwkgEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KeIkUooU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AsEYAcAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XUYMUAks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PMcQQoMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaEEQcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyIcUQAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOUIkMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zaAUMQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bIEYoUYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWYQEkkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DQocwYkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMEQoscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iQEwsIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQgsIIck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZMAEEAEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZqcQYEMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pWIcIsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEwAYMcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUsIwQws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yccMQsUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgwQogMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YeMsockM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FEMUQEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSQwIEEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUAgwkIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeEoUcEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osYkIAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqoQAUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SwcAsEMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KsUwIgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 103.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/4676-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\ockAcUMI\cAMQoUAs.exe
| MD5 | e667f2cebb2eaa89069d9ec8a55457b5 |
| SHA1 | 775b84a913d2ff2fa38926d694c0007ba802da94 |
| SHA256 | 50e3cf29a6d421a559502258e76cd51dfea9a18f37461a4e1fd6930e766487ee |
| SHA512 | dedc6a92e03453df687c35f7e0924e6fd192f577d2b00c57ec69bb399339c96a045d4fae7b6b741da49031d26045f2bf5235fa180df54c8b685b8ce4ce070a87 |
memory/4052-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\qAcsYMwY\VaMwEgso.exe
| MD5 | d31e8a9bcd80f8f7e8946c3ecc6185c4 |
| SHA1 | 0efab7a9712c87c61db68e8560718c01393a85b8 |
| SHA256 | 620d52131cf6dae7ffc915839a98a52416c5327ca2bb0641b95b982bc12c6204 |
| SHA512 | 33ebedd4b995d067dcfa7c0e1ef9d805f46083377fec0ef697522891233a7659e7a7459a49d92ee1585f4b52a1a73347e77c20cd679a71ffefe6ce4f3f183d40 |
memory/4156-14-0x0000000000400000-0x000000000041C000-memory.dmp
memory/4676-19-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GQkIwAUE.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_7909fc1d969d674fc5f4fc9fa08af28a_virlock
| MD5 | 88fdf033287a0bbe808f238d33ee612f |
| SHA1 | 83707d74209a0bb1db0c4f1f195386e1893a94aa |
| SHA256 | e2db76506487923da33011355eae311c48edd74fcf1347cd968266de86ad9e1c |
| SHA512 | 95e192483a9279b0a92d0aa00e742c0d48d5d621ad63fb6e7c107c189f43d29c4d7713e98c237a782e595a0db662d42c9315c69452a3482c50e62300a2448f93 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/5108-30-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1836-41-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1384-52-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3012-63-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4872-74-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4604-85-0x0000000000400000-0x000000000041F000-memory.dmp
memory/648-96-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3116-107-0x0000000000400000-0x000000000041F000-memory.dmp
memory/944-118-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3520-129-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4464-130-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4464-141-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2220-152-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4704-160-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2296-164-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5048-172-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4704-176-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5048-187-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3456-198-0x0000000000400000-0x000000000041F000-memory.dmp
memory/216-209-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2304-220-0x0000000000400000-0x000000000041F000-memory.dmp
memory/676-231-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4272-242-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1044-250-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4592-258-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3128-266-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1448-274-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3964-276-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3964-283-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2008-291-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3268-299-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3512-300-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3512-308-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3680-309-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3680-317-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2220-325-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1776-327-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1776-334-0x0000000000400000-0x000000000041F000-memory.dmp
memory/636-335-0x0000000000400000-0x000000000041F000-memory.dmp
memory/636-343-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4272-351-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4904-359-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1428-367-0x0000000000400000-0x000000000041F000-memory.dmp
memory/412-375-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4952-383-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4072-391-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3756-393-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3756-400-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5016-408-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1492-413-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3408-417-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1492-425-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2612-433-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1360-441-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2992-442-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2992-450-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4596-451-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4596-459-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3896-467-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iAwg.exe
| MD5 | 61b87c656628e6ab05094feb52dda945 |
| SHA1 | f8d2d6060e52559552eaea203249e27383748e88 |
| SHA256 | 78a344c2456c3a1c768742a98becdd18bf24f8639fecfc54bc937ab7127308e3 |
| SHA512 | 07eb8674f1f78eb8fe1a8685a48456ce03ab3a291278bb44feba2bf0690fb71d18b0214bc6a1ef5e296361b2219ae388ede1920e6b111b2de8c79787a0cddcc6 |
memory/3448-490-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GIgW.exe
| MD5 | a4a8bda58cb32f23df30afd43675c4f0 |
| SHA1 | 2c897aaf833ae9d85d4e6a6262bbacee84cafe1e |
| SHA256 | c100bcdf1573e73d8c8bdb87c0b8a46a1f9c0e5e488324336efd0c6672186f49 |
| SHA512 | 397e5e833ecf37ccddb9ec17f69dd92c65998e5dfffef0e8311b9681b617bb1be47a03f1d594368e1900557e29de9245db61bf351f41acf104da370f34203127 |
memory/772-525-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2668-526-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Wwca.exe
| MD5 | d5b168f1dff725d120f1ea95f7d2702e |
| SHA1 | 857565ab7badbca745ed1b91145eb9b4909c6a69 |
| SHA256 | 3a4d9ffa93b87c35ba0da1721d412d39983709a51817937b45768aab2ac5154d |
| SHA512 | 4a74e16bd9bf87d2e53bbbe624687c83ea508f40575b21f9ee2acb540fd9981d671d6c5926ba788da506dc346859675c9753c60ba622a8e45ce32616170d9adc |
C:\Users\Admin\AppData\Local\Temp\MEsS.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\sswk.exe
| MD5 | c3964c8a7cda8105b4bb71c48f23e78e |
| SHA1 | 47bbc163b23aa1f2548c20d7f20074dbae757241 |
| SHA256 | 21d115eabad7495523ce06cf82b246c7c7164d63b2d5e6d5a93af96111ffbaf9 |
| SHA512 | 336774e65e1d12d8102439283ed08efae6fa2bac0b105be36ae6b2f45d62f24ef3b118ef8e1d793d13aac6a8528d0d3bbd5924254f745b52173b7cea9895a85f |
C:\Users\Admin\AppData\Local\Temp\akkI.exe
| MD5 | 14876f237f88fffa942a8e441f5c4417 |
| SHA1 | 0a3bc4bd2ed156cea2b01bff6e30d695d5f3ecb2 |
| SHA256 | ef08db8c970c9dce571b80a4de148670c10597f381c3487dc2a1c80f5ccc0e40 |
| SHA512 | 7b0f26f53a1edb5f1f2f66824acfcbe77fca040dcf60542b869a6ea0709582f6da92c2307dfb62284c856e93d548acd3e4e1db78f10b0471264047aeb69e4039 |
C:\Users\Admin\AppData\Local\Temp\eYAs.exe
| MD5 | b6c46a3095844e54ffdbd140e3afd78f |
| SHA1 | 7524d26a92aee38c6cbd7712caac7ee68eb09686 |
| SHA256 | 8c574e3564ccc53ee1620320e96750953c7806819ad7d717adbc1a03f5dbaca2 |
| SHA512 | 61dbeb914e6acbd291f172a86a618f3f34a1eea0d62df6244003bd262176fcd755fd24a2133c876153a3549a7a6c48512a91466fa8ea14cb42ebee46374f59b1 |
C:\Users\Admin\AppData\Local\Temp\gAca.exe
| MD5 | 65a6d0583737379e94f5e2d8607cdf2f |
| SHA1 | 762d3ea439c9a8eb06fffef8c2d282d175efe69a |
| SHA256 | 29c0e5f4f438d1460f8bbbbbfd3f44841be77b4024191d23300befdb830d79e5 |
| SHA512 | a1d76837235932777292b433ce4244435b299fc6fcd6cb76ba39767ca60437801642b1619880599e5cec8de89cd784e312122a2857d9d5c118ea4d42d0c314dd |
memory/2668-590-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kAYO.exe
| MD5 | 92c51c2132cdeb2365058fef571ea35b |
| SHA1 | 730dfd58121c3bd4a8b90c73726329feebcf8edf |
| SHA256 | 213926e53f77455ddd5fa279601444bae1de0eab4bd0c389fbf2f1c9f38533c9 |
| SHA512 | 213654fb9d4970a03e633aa00041fa97523ec99379796cd0252c2dd8470c602cdf70abdc372d4843a6e257d96f2572cb6b8ced0136558e6a56f80128ebb5ac2f |
C:\Users\Admin\AppData\Local\Temp\uQgU.exe
| MD5 | df92cdbd8951d28f49f9c2736e69a980 |
| SHA1 | def6a3437a3aa4b2a915be0a6fb93b6e2464c2da |
| SHA256 | be397c3ff8afa16749e2b3d97388ee74866e683e8b6101e0a0d3272bbed9a342 |
| SHA512 | 3447940d3bbe8951df49ea76035f6e31737d5665d12e92c9b5de1ec3f5521b66d0affe0bd4ee7025340cc5f305e65ba3b9099c71b0ccfcb0eee92cc7d88e96a2 |
C:\Users\Admin\AppData\Local\Temp\UoQW.exe
| MD5 | 97527a8a5fe5dd0de878b26dcde04e92 |
| SHA1 | 6e8e281e999e1e5db692f565cfdae287e50b105b |
| SHA256 | 49c74d9b8603f10a28f761712720d960080a57e6bb2b00cae00ed2c8f1372e37 |
| SHA512 | a7119bd6c04a59ed9f7e352c813e13c9c93f377b3d83978e54ea7f9cfbad35ca1a4549e0c6ebcf9af23a93d9c7b3e128ce7a60c2cac091758c0ce8e97c0fa285 |
C:\ProgramData\Microsoft\User Account Pictures\user-32.png.exe
| MD5 | cb1d8f75521594c05a0f5c3c4a2d3a30 |
| SHA1 | 0950d2c95488a576ded08ab211c6dd293b6425c0 |
| SHA256 | c2f63d94d6fbf278351402f92d9e69dd5948e4b13ebd5e40d6a55bddb17a1174 |
| SHA512 | 7e46b296f783842a8f5225151910a07f065d7761783003106bf8c172af78caec0f70df3defc949e6f6892b0dd9a3417d4415eed1a54e193ad79ea60ec42be8af |
memory/1492-654-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eQQM.exe
| MD5 | ceecf0ba45b307092f8c7203e63f3a5d |
| SHA1 | 82899c261168a23ddb478013fabe7e8218c8824f |
| SHA256 | a32e9a7d770db006a6912c68be0ad865340036136900d2c102ae0e21228c13bb |
| SHA512 | 1ce7924239d9a55743c02f64e992094f8c29117a3f6bd807e2126164f1f9da5881bd41bc5d12eb3e3ff88595612a8b927314c8b5f03d0a38292ba36ce1df70d0 |
memory/1840-669-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AYQy.exe
| MD5 | f4c4f5e8e9cce5fc1b6bde1b8310b94f |
| SHA1 | 34004af76f6f1341b71b9b343ae158a205f398a3 |
| SHA256 | ca1e17b0f71b58e1256b3041f854c72f5191cb8d10827348797208dcf82cf24a |
| SHA512 | 4a41e56e57d29e29a2ddd9f28d447fe432b139a87f6b77f75c5cd6b7f2df5d9522cd7336cad408ffe459f04c10e7e2c3df99c22576e8a1167cdefd5fe2581cc0 |
C:\Users\Admin\AppData\Local\Temp\ooMg.exe
| MD5 | 86b729db60623f713cd2b97a28edbb0f |
| SHA1 | af1ee84953c1f8bfae9b8db22f2029cbf441ce2a |
| SHA256 | c6e023d47a3aabd9c5d2862a1be0587ce6890c5d9b50cae3d2deacc769753273 |
| SHA512 | 691307fe20ac3deea06ed8981aa4c1929267a79e7737713b8c1ea9698217084b88366be488b39782483800c64b584b9f73c472bdefe95802861b6d17a7e8e77e |
C:\Users\Admin\AppData\Local\Temp\QAIk.exe
| MD5 | 8d30ed51a6d05e99f4550876f9f5c503 |
| SHA1 | 9aae1239543357557a17f0a414b04f5a53623139 |
| SHA256 | 8c62c1a5ad525403e3f9006cf123ee658b62f786ece2e6496b3da2e90f5ff1eb |
| SHA512 | 2ff1aadf7842cde2c1a8569ac4a13e1173da17ea1604d8ad62583134f873c536cfec827328e9527de55d613dbc2d8f88de1fdc5f3d71790dfab68dbe036acd55 |
memory/1840-719-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scoW.exe
| MD5 | 981fa7f1a0ae6de52fb46bee25b718e5 |
| SHA1 | cf762948be36d9d7f03865fb5d3721f3cdc78831 |
| SHA256 | 9712697d7f75ddc46cb039ee15744929cbf1e0deb94b8e7178732c26ade82eb0 |
| SHA512 | 779f8108a3be9119c9fdaf08501f2ca9e05dd2e3e847e1ff743c92cea5a08ba7e28eddd8dc4fbe391ecfbd6d2be931445d0756a16f4ba5f5b35adb233852ba47 |
C:\Users\Admin\AppData\Local\Temp\sAcE.exe
| MD5 | dc134353f69f77cf8951763a6206f3cb |
| SHA1 | a6b108174a707b85e1057539960cd01300959ac5 |
| SHA256 | 8ff229a194a1b6f2322a3350623129fec7189d8d9d3c8889e72c6b5ac038229c |
| SHA512 | 6adae9e90b183e3f98380e5d979cdff08446b18becfcb23f81adc0d216895198b48f855ca6eb3cb9b95c48002192125b6689ce40d5a623c817c1f130bb8aeacc |
C:\Users\Admin\AppData\Local\Temp\wkEe.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\UAMc.exe
| MD5 | 455446eccaaee519a06c438d1b6d22ad |
| SHA1 | e5664dab82f697e491446334ed21d353ba96dca6 |
| SHA256 | bf1e0c238d6e6388af70dfeb66f48a861c6c1182232a78dc0fd40a3a332f071d |
| SHA512 | 14c2d608781a2ed371ea848db3bf6343edc846780180d14ae472ac4d66a93ce377dd5d9c59e32483bbe1a2bb58b0f267670f2d9ddba2ce5252857238aae29673 |
C:\Users\Admin\AppData\Local\Temp\MgEu.exe
| MD5 | b8d39b5400ef5e0d54d2a5a5e34f014f |
| SHA1 | 38888b81663bc1032d36d7e81ae0c84c3217437b |
| SHA256 | 3529c509b8fa4e586f2aca225aa1685f3f232c28f20da3dcf3eb374f0ee67ce8 |
| SHA512 | 4d2793b24f64c754ac52f7da4659df4fef79816fee58c5a39fc35280acb3b83e9bd4bf2a1ef9d01221a0045794ff95fea61fd008f0570a84d73438a1d93c5ff6 |
memory/2880-797-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iMoY.exe
| MD5 | d90af19b6594e02aa342cd3244f42f00 |
| SHA1 | 59e1ae135d9c9b009723e4047cf42abcd666b3ea |
| SHA256 | 03f3ada70ca6c0771b2f7a71757462b5b249db42267f38f1f708c6bed6541fca |
| SHA512 | 455d071952735b46d428be3cb59eaa1c4c4774d27c09cb974edf22cc4c8334a906d2292ef6ee45cca327bf8b8878d17de36fcbbde1a492da3a7f7e38b43e6f6b |
C:\Users\Admin\AppData\Local\Temp\OMwu.exe
| MD5 | 2f106f1caa02d6f79866e20be6e3a2d2 |
| SHA1 | 8823afc640fdf500b6d11fabbe250e886d4bbd05 |
| SHA256 | e3cb5d24c69dd7a0f353a95a8a629c7c7b8b89b4402e3d0b94287bd92eee8564 |
| SHA512 | 93cbcc83102d24c563f1cdf0624c8d950694358720a418b81060e96daf05dc82a53fccf82776bb28b2b26f7cb040aee3e4a08adb3a6ea27a7d481f1b481f8ebe |
C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe
| MD5 | 5a7dd24bed212cd2f87548169656decf |
| SHA1 | 575da03995b599af577a53f71cdbfc3577ea523d |
| SHA256 | 05e0f9c2613a534faa295d64322487f9f4fac28f50a1a9b07d4e8a1881a53f97 |
| SHA512 | f80ea79f54ca6cfcdb940a7e9df04ac22464251dab5a99ec8582278d49a6bb9d85fc8fabfcc273174ac4113a0a1afcd1cbebdcad0f30af5e565ea1d35a26e50a |
C:\Users\Admin\AppData\Local\Temp\ekQa.exe
| MD5 | 1de675faa2959ba9692b336885643f0b |
| SHA1 | 51b8b462a1bc3fcb4dc8fdd4db5c72ec0b5f33d1 |
| SHA256 | ae9211a507cdf3580e5c70b48d5e19e0dc549bec0e8e2f6e1c04d01938044e83 |
| SHA512 | b32f8bf385feaaca00a59cb644d3cbdfc7b13952dc69809b950835ba6a6f7fd9083d372aa974889e577a6e4452d02236c35ebd0902c4de490c07ca41dc0f56c2 |
memory/4880-861-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IkoE.exe
| MD5 | ae07019504ab79c6c0a1ed19c8cbf049 |
| SHA1 | 6e63db6f60fa1c72178e4dd02a3a4f2eea6e870c |
| SHA256 | 82ad92ebd66d1e2874a905cbf38fec3c91db9d88a9ec8f41a8be292dcdb302bf |
| SHA512 | 104548ea51a408f88fc14c9f02197f7febc96158456af3f857aa2fd0ec25ba8606db55d57c53e7160a22cf064925d746830b2feb623203bc0d05acfbf538fc16 |
C:\Users\Admin\AppData\Local\Temp\msYG.exe
| MD5 | 81c9f4381bf0769b9bed7d88ab9c13aa |
| SHA1 | 8d349f92354e47994592abc86ca95da76dacc739 |
| SHA256 | 1863f7b1209bd72660266412c3d66b8c25129006c1376b7a0858030b53c6e288 |
| SHA512 | 19c3e8c10bafc144dd65285fc9e7b5e2ab2b0d5dd27110d3277b66623c07baa2712166d4c037012fd49e1916c400df2d5f310bdfc5192836b5e61bcfd3eaa539 |
C:\Users\Admin\AppData\Local\Temp\ioUo.exe
| MD5 | 9983aa05a952f45f1bcd226cb3e1f16b |
| SHA1 | 665387b8ee260bf02da9e4f65884dddf87c430d1 |
| SHA256 | 1a82c272a3e58599ee747cd25b75afbf7db8cf8ab11c66e81e72e72d97d1762d |
| SHA512 | 5d1baa51bb9efe7c6ece2a951115ed6c248837c6eb1db49d0a1815ddf517351524ad87dff0c9b65a8572dd2f4614f9bc8c91189a04a0ec1cfd013ad1fed5dafc |
memory/3508-898-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sooI.exe
| MD5 | b251ae6353f094de6a74bdd6ce57952c |
| SHA1 | fa2ccc49c849ceed515ae47b357dd43047991fcc |
| SHA256 | ac36e94c82ea00532f542bdf419acd095fbbdc4d21cbc034a48809aa45ac4ff1 |
| SHA512 | d056db6d6176995438fb5bf0d5e5fda8b85af4193dc45386908886dd27e8c5706a47fb45372f36324603c74e044879b651b36baac5edd699539ae6930a09ec24 |
C:\Users\Admin\AppData\Local\Temp\cMEa.exe
| MD5 | e44ea0eefc663bcc377b8ae97ce6bfd6 |
| SHA1 | 758fcea12d9102737040e91776051bb6b2d7c208 |
| SHA256 | 0fe35df3e2f86ff77d4445212fb1a509aa9378f59ab3cc0f3ddbb371d35c2bc5 |
| SHA512 | 04d0cfe08a7888d21d13e73dbdc8d93164b056262e13e7ab2306f0e0dde1b1e369fdc482a62da4d6848b58ed476b5bc86dbf20dab991d4c40f5a6737ebea8be1 |
C:\Users\Admin\AppData\Local\Temp\AgoA.exe
| MD5 | 166b96179d7c1da2adb7dc613cf18b56 |
| SHA1 | a06485d660da93526b5b2d873b43e2ce96c76f46 |
| SHA256 | 107a293b0eb64d524c4d3de68d455581ba852d4576c7b010a4a26739a8bb2d5c |
| SHA512 | 7539943f7abdc539135f14a2b5b44c99cc5b37a2ed054314a83844c655592e98c048fa502078f3bbcf449212331c2dc834c8d748cd79dd2c30abb46cd991a77c |
C:\Users\Admin\AppData\Local\Temp\MUQy.exe
| MD5 | 16619dc1499e5865e772184e6fdf0037 |
| SHA1 | 99e2a5390bf3db034d23084cc7d1f133f4320b12 |
| SHA256 | a3747507fe6096574f85fc43420d8b2966dbf6e9841c9861b1411a6f6347af2e |
| SHA512 | 8ee766f0a81d205d116c423ffe662890bc5b6f68ff75209aa46a5e44f60b91b826eb9b1b0edf5c170c17a43df64cdf6c12ab2621c97e1f03cdb8fde9669c0a45 |
memory/3036-961-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OEIS.exe
| MD5 | f764e7f97bbeae4bc372836e144a0074 |
| SHA1 | a4e930971d7c596168af2c4940122ad1731e6730 |
| SHA256 | 2a7169ae1ccdc5b7183f4c9ab64096ad93d434ff9f7040b19e8da8049f4f8513 |
| SHA512 | 06be95714f604b46011df634ab77c7b1bb7c3e0d15cf1f9dec2e23d47f0fb857a51608fe1716f0621adda4354b00dafcf0dbe0326854e49412dd49d77f1db371 |
C:\Users\Admin\AppData\Local\Temp\IUQS.exe
| MD5 | 3655e6e08dc1f976484350369c6b5a4f |
| SHA1 | 5e0d6988fb90d1f71bde7b5dfda6c2e2e345471a |
| SHA256 | 0da22e207522119766c8f970e7602ff093386e606cde97df6130194ed688bb07 |
| SHA512 | fb59254deac928a0308a3fc0f363de73de9440832f0d156c5011eceae5dece40c74712af57858961686ea91018e683e6ad73673a2f853337410ab7e3f73217e4 |
C:\Users\Admin\AppData\Local\Temp\YYcc.exe
| MD5 | 112f819e85e34b73d43e5dc557d4ac71 |
| SHA1 | 0b3bc0554c723c0a6bf219115eee2dbbf30cb809 |
| SHA256 | bc596ca9a53754286e5c0714667ed62aa1f89c5b762794d225310e68317ffb92 |
| SHA512 | 10c0e3f21c64e71206f9effb60c6e6a7b269251b84693053f526311f4d5a0fc03ed85b80f3c8e5bc4fe70a02e91b36555edf9d08de134b848f6815ee3c104069 |
C:\Users\Admin\AppData\Local\Temp\IYAk.exe
| MD5 | 3b61bcdc44e1acd55520696a14bac0ae |
| SHA1 | 380cbcd98f92ce025b97d10a929ddbaeb6be6523 |
| SHA256 | fd3a2e46cf4a81b64ef6230d520df9507506840332ba8768a8b3fe843c98a7c5 |
| SHA512 | 5de8806d0bb9fa7407431c095533ea009c6ff292ad163542af47eddaef5226e9e1c4b65caa7e83c61d2699785878a02863a1de8a08985cd8164b826a2134f064 |
memory/4136-1025-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1492-1026-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mEcA.exe
| MD5 | ef8ee70714f39e0d0b310581f22029bc |
| SHA1 | e5a04a8751e4eccd3f29a39619597d63e5e20322 |
| SHA256 | ba23eef79281aad3c637cf5c4eed3a227e9f230858ab36c55d673d5bb40d8048 |
| SHA512 | 73ae767e2dab40a5418d3aa5d092e9dbfc46c19e3c7a1170a9346d6b88e33daf3f86ae9b3192287cc80cba0e3e488c4550979643d2aa0d99b4169093635a12c5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\blurrect.png.exe
| MD5 | 9142d6af2d8b4d2068cb9942e1ac35f2 |
| SHA1 | 6f3e6bbf8379141be4f64160a66b9ef13ec67b01 |
| SHA256 | 6c0dcaf94b5483dae89b3d22a4cbc515c5af47f1b2a2dce46478a3cedb6fa43a |
| SHA512 | 2846a752f753b141016a943cefdfb4c69dc8389c897108195bc903c40cc1e4e6b3bb9d440e197628316c54206d7a1a7eb0e5610f26b9a67da64d0f74b35cd873 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMHeroToast.png.exe
| MD5 | 59d220dca2da3c1118ccffcfc6277bf8 |
| SHA1 | 5a90ced226d2956a227273f407034e90d2f69141 |
| SHA256 | f4d8656310dd0efe2f8a40048f60c834f3037b5502e482ccd4c66684c34907db |
| SHA512 | 27ad5813729d5f71f9cb1a2368f49b33ef832fc5a76f1cba66b1b473dd15682889c6a7ab3a7f5ac416d6b52f85fb029f58ebec813b9d26b37f6fc39471f756a4 |
C:\Users\Admin\AppData\Local\Temp\EkES.exe
| MD5 | e168eaca0907af157d55c68d5f78a857 |
| SHA1 | 96404b7a97caa9cbab0a75f546ff76d2a02800b5 |
| SHA256 | 316f0b8e4264eef3a28b542ff37f1bc75de1b716dc6bc8db6bc54175f58b520a |
| SHA512 | 0759b21be89a80c0e5a9c332c3d8e5b0743de994ce26c09c14de943d7542cf78411203e2bfdf854a757d526b76b1be6ad17a4ae7796e754b655b1c42fd468699 |
memory/4136-1089-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4624-1090-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\igwm.exe
| MD5 | 8d20a8a0150ba588d7d589b9ffdb2570 |
| SHA1 | 00942425aacc389895a2acfc83f97f1dae46fb27 |
| SHA256 | 077addbd52584d06c2b6a7b8fc554e255f755c19041602aaaab0a6273a0495e5 |
| SHA512 | 9d1e5570ada5f67bc7eef31a80d8fb1a0d81ca88b18debe615a7cf4ebdb4e01dc9473d021eb2b8bca6eef292aaaebab41ea1b66bac057c804b92634a4132835c |
C:\Users\Admin\AppData\Local\Temp\ScIS.exe
| MD5 | 3861b603d0d8c2a21306930c28eea267 |
| SHA1 | 78d8dc7a8b800b02fad7905cee2a4882a8e695a5 |
| SHA256 | d228ad3437b314f009a1be366b6f49da0cdf656a3f2e8cc9047415eaff9cb527 |
| SHA512 | cd9e4a9fcc2a8cd9462ecca07a18ef430a34f481d3750a7dc78166fed0fbe9e3211849f77fa9e0fbefb7a74caa52fa5597977505bad98a1512349251229b08e3 |
C:\Users\Admin\AppData\Local\Temp\gEgi.exe
| MD5 | 467c217ca4caec704f72d81eb4e211ee |
| SHA1 | 490fd0542b887c3e47cbfe8fe0e5ad9a782cf445 |
| SHA256 | dc66b8cdbdfaf3166e341f784b474e2defcdb5f98965f0ac01db72ab8229a693 |
| SHA512 | a6ba28843d339f746286e49875e558c5583cf4ce63b4c3e84b6d0d65590c14663e8dfd9fb90674d32b98134ddaf9065d623369c460522f65618bdd32541babb6 |
C:\Users\Admin\AppData\Local\Temp\gAoK.exe
| MD5 | 0f7b69fc2c623ea51956417568c8a98d |
| SHA1 | 836d0031ec89baf8ba9165a2585b0e8a2b14d4ff |
| SHA256 | 04ed7ebcd73d766df7ebcb925aa33ec8122236030df3e6714f25bf432eeeeac3 |
| SHA512 | 9fb1fd40fcdd1d002685d19ee019fe074de4c73fe4b335606cea0e3f91ca08a996c406308a6fd6cb4ea5e66f3958adfa77a2a6b4e70f7c2921f6b5efc32c65d2 |
memory/4624-1154-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ogQI.exe
| MD5 | e08954a450f7d14a8475de85418d8659 |
| SHA1 | a3d90cddbe8df9dab34a23395e57c6835ceef93e |
| SHA256 | 9a884adab8b82f8102a8d219a8227b44222572a58ad50dcc26c60a2c2e95c6b3 |
| SHA512 | cd481f8f203e6b2ec366a0439d7dc9f03b25dae10937656e383d2ea97a6ad51be8c0f30b5e02417e6fd2cc06d1cef728acc801b32c2e1cb64a35122dcfa017b0 |
C:\Users\Admin\AppData\Local\Temp\ysYA.exe
| MD5 | d2093e9a941eaeb7bc56b61c75e47a8e |
| SHA1 | 43efffdb50a287c9d410353e583306d788093327 |
| SHA256 | b84433b326b7b77b93a2b70e999007df290edc1f99e252c36611d71546fdbd9f |
| SHA512 | 8d27a90afdb36eeaa93cd6eea6bf72eeb69db91df214777d4db7fcfd5110b779eac01cfb0c4c5e6ec13ae94068719f9e439c25d1e40466598e8ff1458ce9a1a0 |
C:\Users\Admin\AppData\Local\Temp\YkcG.exe
| MD5 | b8774486fd0dc5b96d804da99a100c38 |
| SHA1 | fca3593598402598249065e0cc3de51dede0b995 |
| SHA256 | 7605e5ec8f1571c4442affba3037eb067293288901001ef555e179bd33760f52 |
| SHA512 | 78797f0cd02a7209b7977dca2a09fd0808b12078077cfc2742f09d8ed8867048d4e016db6188a715640e442138b0ecd732773bc7b3289e3762bb4a94bf01bf73 |
memory/2280-1204-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2248-1205-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CwEU.exe
| MD5 | 64bf300fe065a5cb842fe51a5c3b1509 |
| SHA1 | 70bb4ffec582bd062ee5855686ac7514e0656590 |
| SHA256 | 45eae5594e277f6c7554075e9a14bccad0e2c59af4e943793a56d5907dd4cb2f |
| SHA512 | 8f1be699a3d94d74afecf22ca649f2c09cb14995c6979e47db1fa1c424de0cdfbd9cef61fbe0d9f95e3da80fc4e159448b99e352579ad4b69350a77449a3ce29 |
C:\Users\Admin\AppData\Local\Temp\AsQi.exe
| MD5 | cf6c9925edd33eb1ef649587133f1d7e |
| SHA1 | ed2e150d6acc9f298c4598c5df40211b8d3bf943 |
| SHA256 | 5669cbf671d6d5daa1ea81975f3468644d3ec297410fee01f7ee5ff689142fd6 |
| SHA512 | 61a0544688ef4c69a3093f0d5e4b3d7b3978c89680b5eda85d9297777b92432410cca72432b467b5f7774bb4c8fb81c94f07fa67d2b414b0ab0fd340b20fa7e8 |
C:\Users\Admin\AppData\Local\Temp\IMAc.exe
| MD5 | da23b9c65bda425aea213605b317f99b |
| SHA1 | 86eb13ea048d3e88adaa8596b2a296e42de12c40 |
| SHA256 | b46968ed05563624466daf78ad0f8897a9361fce74cfbb8497d951c6eb0f97e3 |
| SHA512 | 18664bcfc100fd3df31622e63243f24471efb3b710c98598244521b7b4d369f498addec5533042902a6331e719dd2edb27cc6c216223dd6e4afe04816be0bdd7 |
C:\Users\Admin\AppData\Local\Temp\UoAE.exe
| MD5 | 3b1ab879f42f653c4f956afdd70b852e |
| SHA1 | 32d63a42d95f89768e9e78bdde15b8a25b893009 |
| SHA256 | 56652890dde0840ea7a5ab768add8ccfb743da918e68f674484edcc62ca55961 |
| SHA512 | 1ae2f566345bc58622afd2f6810b84682b201f794dd7afa3c077ad779c5ebbe11926f176206e54bec3f7ab6546472e6e92c2131c968f9b1a3d75eac24f242414 |
C:\Users\Admin\AppData\Local\Temp\OYoE.exe
| MD5 | 1670bce9f2c475231bd39cc269315d12 |
| SHA1 | 8f95d57588617e62861eacca44a2361127702bea |
| SHA256 | 269b5bf66d23e1c84eb4344c5d05b99fd634a7096808b4c6ae278c4e3193728e |
| SHA512 | 7e9ce4e25dab3c5b0d49d557a73ef75705d3df043b707d8683ff63034a73f78db76356bfb270085666c3a76f6528968d765e17860977d132bd15af48e9a8a5ef |
memory/2248-1270-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wQsW.exe
| MD5 | af20ca4b39a3db004dc537db319def5e |
| SHA1 | e35eaa0a49c2de46aad31db692cd8a224151d616 |
| SHA256 | d6f27ee72373897f3feec5e09396d0e126d02c96d2856191e8d0d58b4628d0ac |
| SHA512 | 572f6701d01d12a9edda0fc0952987e222f2055eb5dfb232b9d4c4fc630ae4e9dc858384ee54a38a541038d8093dce786942d6d3f93ecaab9f1b3bef9a19aa80 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
| MD5 | 2a8f58eddb7241af6357bee6b9e732eb |
| SHA1 | c0968ededbe5d4e519dcbd4d4cd411f0538c928b |
| SHA256 | 448d1eb32f444148a9a4e6e3e5e263aad026f4f55941146a09fdb105733ed4a5 |
| SHA512 | 4e6a3293cb994c51643e92595977a5ad32afcfad65e176ecd9f942e9d158d8a33a5f2d133ceecb4f7f8c915bf0cf40b4c93c9b36c468abbc42f2f732d498de9d |
C:\Users\Admin\AppData\Local\Temp\WUsS.exe
| MD5 | dcdc380060597cfefa56a726e413eb0f |
| SHA1 | 6b06f35d195bddafb421724dde299c5d5eb6ddea |
| SHA256 | 24b6b452589897ef3870c956d92ef2c5af66ec8f30203c0411a5ece8781d10f1 |
| SHA512 | 0cf54dabcdbdbfe35f594f88b47469fb443b8bceeaac01cb01fd57ff57acb69d531ff45969f94c30eceee60e38b2096228c88b6ef6990983564e0ba46f196636 |
memory/1052-1330-0x0000000000400000-0x000000000041F000-memory.dmp
memory/208-1334-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wcsc.exe
| MD5 | 978d2ce8af5ec9f11b9df0de63edfd3d |
| SHA1 | c20633f3ffec4dc19e518f6983b6420d5b2d87ca |
| SHA256 | b1102265fd58f690b6e8758bd07470fcb265f259d560954f147bc7dfb3c7a897 |
| SHA512 | 60e221fad17ecc0da9b633454faf10142db333da3adcc6ee1477ed06f2884e4ee3d62ae792b71ec2fa9ea862ac3a8b20a9998fa0d4bb20f53f310d0c1189d1d1 |
C:\Users\Admin\AppData\Local\Temp\yMwu.exe
| MD5 | 07c0fcdb96ae3c1de2a3761268612e6d |
| SHA1 | c7c807c8372bf2b219f0249a24371102b03d1c83 |
| SHA256 | 1f02829bc4987c66ed6ddbf1a75ac6007a156e01d5df6609960967814d22a730 |
| SHA512 | 157b98f27cfe0b75d8135c9abd236160744cddb1213ba5400255da448052447748b3d569b5cdf9a9bf8db3a6ed85d2c16caf7450618a15d579f86e1337886778 |
C:\Users\Admin\AppData\Local\Temp\eIka.exe
| MD5 | 35aa116d9027aef6de0c30207c8ea0fd |
| SHA1 | 09b70fd259d48932536891517e8e832f952cbc27 |
| SHA256 | 86edee77f760aa534f326563d5c68b1bad7b28476b54dbe071f1843e98d9907b |
| SHA512 | 5da5b6700765e69519ef820f13f4a0ccdeea9c333f1da1b518c5c03c82f5873d09fbecbc527377894088f6685ac6477e209240980d83fd6ff32436b3a4c2ef28 |
memory/1052-1384-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OMIW.exe
| MD5 | 38753c0b70d2bfd44b09e603d048ea23 |
| SHA1 | ec97e5c196bef1b8b45c21a4d21750e360104498 |
| SHA256 | 6856bd8d66a0b2d6af5f7699130f4be9ed57602040cab3b7b26ef2c4ae317b57 |
| SHA512 | a5096d7ab2395e36936740cc37d22c03ec917ea6724e6245a9b53d2ea637173ef196dca23c5cb32da6c67d3a30f8dec222a10486ba3220ce07b5d401e73f2db4 |
memory/1680-1399-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\osYU.exe
| MD5 | 2878d444d4432846726cc77ae702eaf6 |
| SHA1 | 19512c013b26415b9e6ad884680e7c28a6e2f2b1 |
| SHA256 | 9c99a35e4308d3d3be73e64f66a3bcb9843750db169f1419d60aa19625fdbeac |
| SHA512 | 73150448e713ca5f2a5faf81a86a1679ae668f60af1b0657ac09515c528a8272fc3f55fe27813b0a1cfed7eae7330206296247372d3c44a34a26c03a9981d876 |
C:\Users\Admin\AppData\Local\Temp\oscy.exe
| MD5 | 7b5fae7a7b6dbebd4aeebac6ecaf15cb |
| SHA1 | 481cd608ccb251fc7eafde407566d0d68a4cd30a |
| SHA256 | d9bcae17eb5db104b4d3088b56faead9650b4518fdcb1e4fd1af75b0be4842cc |
| SHA512 | 812b73ba6b56f5653d393888a2f6feb9fc967598f31dd744e6166332c54cd955985a0c7c26768105fe9f01e37e24b4add90a5cc6dd02f80f6c3e71195b683729 |
C:\Users\Admin\AppData\Local\Temp\kYwA.exe
| MD5 | e5c3c8df7728d62a9b83ae367e34f3c2 |
| SHA1 | 0e612ff8281652ff17c9e670eab4b86ecc51c3d3 |
| SHA256 | 7bb6b266e7102f3fc30e015e005a2a5d69aa81a4952761058f1d9de6661f9504 |
| SHA512 | c667cb1ed71e6eb641fe875da28c0a371a3cb849124f3e91025f46b3c6b70540a01d6573a907935c26c9b27b5d51c865dfd9cb8c9216be87fa601ad260f47425 |
C:\Users\Admin\AppData\Local\Temp\oAIY.exe
| MD5 | 165e693a3c841c4c0d04caed5ff31997 |
| SHA1 | c0b2a8bca96f08f93fd083f00d3fcdf8294b032f |
| SHA256 | 7cab62bfdb8c3684d3fc51ad0d8b7045d8c705feee983bb5f150be59b28ea073 |
| SHA512 | f51d6e7309f04e1404889bf005ca00e0f4896e4619ee090a2610c8859816a42179da148826fec18c63e0c64446a66eb41b41d4a7662b73ee332d1a53ca8586a8 |
memory/1680-1475-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QcYE.exe
| MD5 | 93511013857f5d59c10570844dcb8e15 |
| SHA1 | 47f2093d17d81d47ea7564f46c4b3efdf629b89d |
| SHA256 | d4dc5e156a86bf3c5ae165dad8e69a547c355ffc5f172e37e7b96112712a9c39 |
| SHA512 | f932760258b5ce4ad8013efe1135f204a6ed4934697b360df293757d14e208f1b01e65f418b088fb8a2738717741c3a71f68fee08c65db892bc061fdf0de21f2 |
memory/2152-1476-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uEIq.exe
| MD5 | 349bbac6d1276259f717eeef3c98b626 |
| SHA1 | c6fe4bbc3ba060482f2696ea4f0cd65c5aa7a608 |
| SHA256 | 4cd7dcae16cb0444e41bc76aeab487aceb75058fffb7cc214f2c4b4b027f5778 |
| SHA512 | 377fb1632feb3a43d2645f474d965dfac2ca6f6dd2ae884a09e861ca04856ae52ec01e01832053f881bbf7ed30aa3b82e6ed0813cb502207b5ac1de3bd526297 |
C:\Users\Admin\AppData\Local\Temp\eEEY.exe
| MD5 | 13261339985f25a9a66a81eafd86ce87 |
| SHA1 | 6ccfd43f0db12d55aad2db181f1910a4f5e0e319 |
| SHA256 | d8cad7b6d6050d69aa2781b72d97e35e9e44b094f5d9e2a5d99d95c6c2913b0b |
| SHA512 | b2e43d59e5d29aad17a4b74649b2a50f007d9799dff6653e3450192b1ddaf7782f5e59ff2ad36d2b7eed0d734b2b54ba4935f4d32ad5a9753a6d486475aedf8a |
C:\Users\Admin\AppData\Local\Temp\WkIw.exe
| MD5 | 62b1cb4ca756ba7ec3bf7ac9c7fe6672 |
| SHA1 | 15c86c46e395ad95c97cf5dd9ddcf9bdd161e2ef |
| SHA256 | d5bcf0551c96a3be5dce733510f996fcb4aee6d1ee5d585ec3d782a6c8af6ee6 |
| SHA512 | c307185965d10e77a6a50812d0a81ef269e2fbe4b1a2b356f08b9ebd7ecbd5ecb41bcc086634d9f7d9383a7f277cbad44e136ad0b65d66425841123d3828e92a |
C:\Users\Admin\AppData\Local\Temp\YgMw.exe
| MD5 | f47a9a0ed830d95666e110a60ef6b5e9 |
| SHA1 | f5b3ce2af7d2c77e78d4d7b8f276706b374f0337 |
| SHA256 | 9928411b1acdf2e3ee467bd1707227f60c24d8e18504d0ca282b4f765ccbe9bf |
| SHA512 | f1876c11a6ba5ddc535881a3f8649064da48f20f43b4662bbaf66f32a7f175f001473caa1211301e36d2071d5b197fe80c13481e1b1aa26352bdb13239fad376 |
C:\Users\Admin\AppData\Local\Temp\WUkM.exe
| MD5 | 39e65462becf3ca6f41e567845c8b9be |
| SHA1 | 17dce39dca499fb9a49222587dc47bba9a3809e2 |
| SHA256 | 0e2f1b8f1e51bf17e4ea52df05717b1dccbfb096038f149a1a9fcad85be742bb |
| SHA512 | 9825b5342ce45685f22c1c42591862568246fd052fcd6751f77dfb5ba0d0d7169bda5d716bc897fa4b0e156a5ba9ad9c53753d63f0a01551ffce01237f47d092 |
memory/2152-1567-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sEsW.exe
| MD5 | 824553c405ac4d8e23e4b68b84c0a029 |
| SHA1 | 14e2dbd700891676b3ed2c320f4ef49f19d9bf72 |
| SHA256 | 1995164fcc346ebcf5e0545186b0af5ad2abf7ab561f80e80f2653b9fe60fa98 |
| SHA512 | 2f2d8b87588f7a2d5908fc466364df8e5473aab962ef8f2af1659685141a7e0f359be8a01641d7035e0f0384b9086b8767c2065d3d314e98b53c90c864ec8bea |
C:\Users\Admin\AppData\Local\Temp\IwUu.exe
| MD5 | c59532a4eda6a5bed4c9abbe8ba24329 |
| SHA1 | 9a874588e206a101a6c1ee4d8abbf7e3c4fc731d |
| SHA256 | 56f99c0f952663a28a6e48c5e5403ea3da8c211fb8e2d1b4af0a6e3fe5608435 |
| SHA512 | 33c2a22cf618eac50c033bdfa85a021b70b1b61187bb37d15c4c4b51edcb5df15e7696a8c624b16db6dcfaa83385b9320e2e3b0e0261bbf001ee173070530002 |
C:\Users\Admin\AppData\Local\Temp\qsQK.exe
| MD5 | 2ce09fceb255e7d289e93c956bea8101 |
| SHA1 | b3a5544f280c114dc40dcbb00a81c1092b053370 |
| SHA256 | 10870149cfd821d21842982e70788385c67398e021727b84fc2ac30367039b8c |
| SHA512 | 9f23f44f53d5c85d1dcb543443f0b96c52f1900f35934e4c8025948797bafca4fbba0298bd9ea0e985b856c2a8787d4d6ff0feb5caa347de9aa5fd75de9c30f4 |
C:\Users\Admin\AppData\Local\Temp\WcIW.exe
| MD5 | 50ab5a63cee905f0ed6b26efaf93d944 |
| SHA1 | ee337dd332338aa08b8da5a69f09a87a7803cd31 |
| SHA256 | 4f6d45b52a6a92dbf0ed1ae349d7bc38efb21837a1004f8983edbfb0c6257cc6 |
| SHA512 | 5d9b5b491bb234a1d8d1201951465ff75476c3589b5f2fa11fc8560c4ab57a4adb317eb145bc71944b2a44f1c888236a81f32f367bb01eb40be9265021e55d8e |
memory/2008-1617-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAwg.exe
| MD5 | cf5f15cfa074c704b52d7c695adf0247 |
| SHA1 | e1cc3184bdef0b07a656f95862667c7a8146e17e |
| SHA256 | bcb7bbd6789f2586fdeda27eb6662d101dc847fbc96687bc4ae26e1a9c7f0f85 |
| SHA512 | c69f2dfa4503c1aeb340ced9909a1969eefb46a30e877e0f130f0771f1bc1fa5a5bb222396e600366cf703d97c881072e46c69fb473c25b2210fcc74c1f6949f |
C:\Users\Admin\AppData\Local\Temp\oskQ.exe
| MD5 | 890b57c1540e9c3ba045cf2eea95095b |
| SHA1 | fc1414a2de6219ea93941152e95d6c0cc5f44a86 |
| SHA256 | eef601ba04e48eb2ca1ca5803912b04447c32b72232d2250910d496e57c86417 |
| SHA512 | 5b8b3fa58625d0f4d58a0a220a81e3b09e9b7b8ee70a177c550e8e2e7f2adf78cb35af09d04018fa87e2e511b1b5c0d1b1746cd460f9b521228435e1cfc64816 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png.exe
| MD5 | 747dd77816066f8dac78ee8ef7480467 |
| SHA1 | 45dac6972c2a70bbc2d865d51897c96b9f923adc |
| SHA256 | ea18003bc64873498804474afb80e2ab8d0707b94d45d2aa0eb821be3808bebd |
| SHA512 | 9f73a4434e49d33104d2ff984e5cb17fd8f5d4ee8d74889e4574be37df11e62f9d5b74822602a2a0c0fdff28774ad0bc2950bf8a1d7c0edbec11f7d958cad653 |
C:\Users\Admin\AppData\Local\Temp\OQgY.exe
| MD5 | 214b03bf1bb04827790a8c5b3926b7e0 |
| SHA1 | 6f955d9bc11932d676679c3ec3a7caed6e300e06 |
| SHA256 | ddcd1fe36a7b1602683f9140799996a4c2f6bf77a577a6c5a0e09f4aa4d78ac8 |
| SHA512 | 69bf938bd5c368e0237fc5e326e77f78c553d01bec771b532deeef4a32c26a69d9cbf51e4883f52d29f7788bd20ef6459c44700720f367113be90435a3718fbc |
memory/4208-1682-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ugEI.exe
| MD5 | a98ed593e6cb1cc4563ad9920c1e4c36 |
| SHA1 | 37f7cdeec57185c5034a7dc2f61af3f359c7e64b |
| SHA256 | 23f9f316357a1c275b6999e1ab316594f3f995f80939b20b67b2345177deab6f |
| SHA512 | 27796924012ec23c3c3869efa7096a1f19f0a3144aa95103006aec32299492b9b890b0deb879d3dd51949fdb7338908c1b8585d2a18c39349e77ceac24e042b6 |
C:\Users\Admin\AppData\Local\Temp\uMgk.exe
| MD5 | 38fb57e1dcc23aebf4c4a69d17e04844 |
| SHA1 | 74f74cf56fb65dd97dd5c2eddd3b8e445d937c5a |
| SHA256 | e39170c3b35267fc970443bf3009c2042835b44c81da1afbcb1df24aa82d4aff |
| SHA512 | ffa788b07cb6aa23214115c2cf5de5459b0dfd640dc137c6ec7761e6edd1d9531b719eec95dc1e9a25c5eacf2f5eab271fd1e87ff564246190d1ddf85a59f911 |
C:\Users\Admin\AppData\Local\Temp\kksi.exe
| MD5 | c8154b923970e5755a4b0cead4efffaf |
| SHA1 | e4cdc6b393381fed6287a889bbbbb1c71d7eb48d |
| SHA256 | 5c28858f3b779e7302adc4113c9156b9521bb53111f1676cbab284957714587c |
| SHA512 | fcf22047fc9196ba2b92c3cec1311bfb8b9f687ef5bfc3d7413655eff725ca7a86777f593db682ecf3dab85b5fbdf6027df8c1583d82b2770b46b1bb855e48fa |
C:\Users\Admin\AppData\Local\Temp\mMoo.exe
| MD5 | 985d38cb7ab514658541bdeaef0f23ac |
| SHA1 | 11a5e169353185b8b37dbcdc1dd74304c52b3a87 |
| SHA256 | 68be4ad51239cd034035a36a7bb8c01fc148f68449a2b32315bc57270de17339 |
| SHA512 | f9bb9d41782887fcaf0d94508e5eb5c37272358f994866bb31fd3e74d8b06f54fc1d9c075fb87622c5facae351d3c7833c095ca3b6a414b013ddc2919e8ef13e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe
| MD5 | e4f9d5e485e9d6de8594f022ab8e5018 |
| SHA1 | da964fdced7355c4b294912bd771402f6ec7ef08 |
| SHA256 | 54333729401d5e59dd875eb48f5c556ac69e3d7f9a60dedf4b9061830dde83e6 |
| SHA512 | ba22517931a156267fd54bf916a82a142e2e4fecbdeddd85f63f561c9a48d981b4bf88c6a07156f2be5605032ab99f33b84f8cb51c01dbd00412760eab7eb031 |
C:\Users\Admin\AppData\Local\Temp\CogQ.exe
| MD5 | 4f1050327b73caf2f64f55df2c3d572f |
| SHA1 | 56fba236b7aa7b75ca05cf2518a4f0a6a1ee7f28 |
| SHA256 | 2e04f0afa8f9340edddff4739b3a8d6dc3446151dfb433adc15bf2b6513ff8cf |
| SHA512 | d7aea11e2da8ad71be46ffcb2203f51f742ae44444b55b263114a7b8b45379cd1b08a0dd2ad7092a4e820100db21e495d26d1c3655d589e2df27ae4c8a74a670 |
memory/2632-1787-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UUwm.exe
| MD5 | 2dab6b74862ca16b906ad95ea86949e3 |
| SHA1 | 351967a031d7ee13711a79a0dc9d269f275ca2c6 |
| SHA256 | 11b4b5b1b0bcbe9e3b853547cc1c95858f9a34809d65bc0da6fad1054316420b |
| SHA512 | dc5cd6f53c86e48e6c3c0134d2a553c8d58cc3077a5ffbe5977e467688ff833a901e92e5992c13b12604f962d5746518ba556ceb034dc912e3934036c54900d1 |
C:\Users\Admin\AppData\Local\Temp\ckou.exe
| MD5 | d665bf7cb202b7428f65faaa066f4fbd |
| SHA1 | faba5ee0fe1d3dfd5028b9761f66730a38f9f5e3 |
| SHA256 | 67672d39a402cb8ab0edb1ddd0a43b8ced5bc86bae29990bcb8e77899c407fec |
| SHA512 | e56647444d9449491a85b6a9de2b47142f254e0b4df6bc18f5fde29c3dae7a8dfc3e6999fae6e5cbb0976c13a8d6b2ebcf495ad320276813f35c8a0098be8ec3 |
memory/3920-1798-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Wskg.exe
| MD5 | 29ed3f24c768d255b833df314b446e02 |
| SHA1 | 40b3b3187dff3b5cf39fea0fc12dd06bf190b552 |
| SHA256 | fe0c615cf997013ca5b417ec094b90ef920548ef912968e30b3547d4899a6b08 |
| SHA512 | 93e961c3b77d3923bcfb196d4fe74098f878b0bfd6863c102fa7c46217811b30d29203e740dac3bfc930ded5a39a9a41d5f8c9c8361bb607f0bd7ec1b5559fc1 |
C:\Users\Admin\AppData\Roaming\SuspendResize.jpg.exe
| MD5 | f65491919d7a1635a46cbb79e45b8dcd |
| SHA1 | 0198e98ded1ddecf4742e8e2dc4355b25146f69f |
| SHA256 | 69efe43d9976e6436ce1aacdb126abca0f3b64e66aec03ff4d921faee211e9ec |
| SHA512 | 4e2a700c1836837d89765330d831d6237a388823d03d3516e602731af39e1dc9fd2f2442a5516069d4d88598696096f60311c0d0a67bf61108c6aa3c595586e0 |
memory/4136-1836-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3920-1853-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Gwsc.exe
| MD5 | 6e070a71a0c5fa3754d4a45f8a15b331 |
| SHA1 | 0f5819678d8b7c3900951e9d0bfb85780c601e1c |
| SHA256 | 9ab15c6e7354a19cf0ad13ae19c34a09fea15643e2477689a777132b912ddc50 |
| SHA512 | f777f6b0098e7f0ee9839a909f86a7407c3fd8dedeab4ef30f98295351f4aa2f8db6ab3e7aab0f7259990142ec4308d0ec6c58b8430e909f410ecb7fe117350b |
C:\Users\Admin\AppData\Local\Temp\sksa.exe
| MD5 | 008d0eb767729bad12439e94ce04e7ab |
| SHA1 | c027c6113b257bd891c6b53b747f8b50b1a6b684 |
| SHA256 | 87ec617db1e4d890650189c6523d70fcd7b00b0714b3195b6631abcf7516e4b7 |
| SHA512 | 8832035962cc5460cf1eb21da6adb4aafc1fa5ab28f9a1b6a29c31abb4a07cf0b92e59b7f1cedbc4dbb38ef41fdde400ea6a06608159b1ef6e7152074d1753c8 |
C:\Users\Admin\AppData\Local\Temp\qUwc.exe
| MD5 | 5db48ad00b194bb66c30341b82fe5cb5 |
| SHA1 | b5717cc9a2c3b3e8293dd20bca3b43760f57a1d6 |
| SHA256 | 4c25f15bdb7ce4630dec3d0d1ddaff3a8a2066285c798dcb4bcf507eca7dc576 |
| SHA512 | 2182cc86bfeb33c47188069a0427116365da5f4df96e13831c24d68cf78004208be3e303af9d848da98f4321585c5c246b9c7b01910aa5cddfdbb4717a9c0d8d |
memory/4136-1889-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yooK.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\mcgs.exe
| MD5 | 4a4759576f2bb9ad37e289bd50b78de7 |
| SHA1 | 25b6eb956578c5c5548bfac1f37d3220d9d416e9 |
| SHA256 | 69d93678007574f9da64ddd48e436d1453eac49f6387abb1bbb582587b2512be |
| SHA512 | dd1940f96ba0fc140198c2b4cd3e852921e25ca2e191373ae338e75c8d462cb4aebdc1f82c05ce7a986e7ef3cc6c093beb21748599b49bfaa12f3c7171fd21a4 |
C:\Windows\SysWOW64\shell32.dll.exe
| MD5 | 4e69bc0992add4d9cf4bb3cb3215f98e |
| SHA1 | 756d91202c77e3c86a08f56debed0d92eb672675 |
| SHA256 | 73debd13f456a0590f9ce9583b14ad68f0904534ef80c12d07220a7e550d8ab4 |
| SHA512 | b7e15c0c2b3d529d8a0f507da3492e67cac35b0aec01f08f4167140208d728a3c64a89f080fcf87b5bc2e4c233a74ddd0e02a4465630d0a6d63b29fc3468d440 |
C:\Users\Admin\AppData\Local\Temp\eQoK.exe
| MD5 | 2b96640ac3e023e5cd45e664c33cfb26 |
| SHA1 | 3fb441a6918b254b553b372eff1d81815258b93a |
| SHA256 | f4bfe155abd53912243be8779db5593b0ccb975b4a74af50ae01b8e8808295df |
| SHA512 | 4c59e91969fa411bd789cf28f453641c32962e689920524dfae6df96144f4ebd96e73741ec63d3471731ee0b642ac8d1300d3f7a56349ec132088b02fb6525bc |
C:\Users\Admin\AppData\Local\Temp\OwYQ.exe
| MD5 | 10a000a7bd4d8f154689f02a5a332b6f |
| SHA1 | 8e9d39e32235cd2936cc3ade981f82b935298f5b |
| SHA256 | 7eb54b65c1a5720a74905f605c45ce63b468753cec40f9e4e72419a14d968c2e |
| SHA512 | 55fbc21d403b4b17670e48901d97ee901bb8e6e82ad62c25d80741e167641234cd2ff3c8355840c931812e30fd7f4ed4bd682cba94e24577c5c9c592110f4d92 |
C:\Users\Admin\AppData\Local\Temp\MgAQ.exe
| MD5 | ce982c74423decc9080fae51f2592f17 |
| SHA1 | 9bfb071aea2cef4ca3808bf9c885420b2545ec53 |
| SHA256 | d3b5cb7cdd0af4fa17c1826e86a647a1aed253e2aa55990be7763ff536378f4d |
| SHA512 | 26fd1f75b1df40ec0a6c7af828b63f228917c48fd5a1fe1c0940de9e38952c2acf5ea0fea415e649d6893032af8de4f5219cc267b4c7cb9dd79940754e657509 |
C:\Users\Admin\AppData\Local\Temp\KwMU.exe
| MD5 | 85e98831588ee9ad50c08d25df3445df |
| SHA1 | 820782bc1d6cd7085217f4c7b165ad0b48b60bd8 |
| SHA256 | 174f7642bb5386ebd29db6eebbea5c1f484c3086d2ae03d7244596c23271811d |
| SHA512 | 7206252cd0c622d7dc62d09b1023a18113609d0424930c1cee9d73472ee2008cdbcaa8b7b039ffe72a1d74afa2fcca6f6e7c575723a03cd11f808918dbcc7798 |
C:\Users\Admin\AppData\Local\Temp\sgoW.exe
| MD5 | b1a7f9d1f787f9061705d9228d6c00e3 |
| SHA1 | ba6f64c7080499c7cb5c64890e80a95e5b0b4394 |
| SHA256 | 19de4d162adddff9134f79ced810ff5cb6f1821bf0db2c60607c72eb34655a1e |
| SHA512 | 11b702c89946ffd77a39d49f92ef5f96db9a63039e2c3a8aceac806e55905473f0621157f6f04f2ce1a1cc8b2878acee734f1f03620e4cf0d766d8cd0a585d41 |
C:\Users\Admin\AppData\Local\Temp\AcMW.exe
| MD5 | 3fe9db341e63834976c2fbe73b5b2e96 |
| SHA1 | 4ea7290fe9cf514bc1b9bd9f4556e39c4c059a83 |
| SHA256 | 8c56342362568aea9df1794bddb86b5163d542d3e99d703a3a7a31219008a51b |
| SHA512 | baa976389c15091862d6fee1c010fc59ea16421f7c7bef86d41eafae73a925b8cc7b466ba480578b4abe8f305a61ea79b6c867810e2d223fe10d5281d37c042d |
C:\Users\Admin\AppData\Local\Temp\SYgG.exe
| MD5 | cefd85a1de12f79a3431b89ca6cfb77d |
| SHA1 | f2ad86666f0e45afa93950cd1238827c9fb41de4 |
| SHA256 | 162642e076fdb6f8d7d01d2d25613a5031adb109218703cf2146df676ad113a3 |
| SHA512 | 609fbe3ab2ff56dbac8b42d9801adb562127e6336e860f85d960d39f48c037d107ece8186ecae0f11e383816cacc964ca9a854a7c172057b164b699427376fae |
C:\Users\Admin\AppData\Local\Temp\qkwm.exe
| MD5 | 20a9f96b21cf2efcd6547d1716f7320c |
| SHA1 | 82ed430958dab678b50cd7d33ec99262b8add69e |
| SHA256 | 23068d2666233eac0e898ef26f0c40d5a15a75db8f2ced90371f7766d464e457 |
| SHA512 | d4d664122da84bc485aff356471f0eebd0004a67af51f663bc24d941fce59da3ce6d9561ffbae03430ae2b57b2c1f79ec61dbdf81428bc98e9fb789b3876085c |
C:\Users\Admin\AppData\Local\Temp\UQAi.exe
| MD5 | 0ad0307d92977df7be7a8b5cb1944f5c |
| SHA1 | ed76ca37f2768222c40386be4384e62ca40d6cb0 |
| SHA256 | a5de6543c8ca4fe44c3e1904e7988699a9d34635bb6bfd23014fc5cda8f9c300 |
| SHA512 | 788be86fb80b147eae9b6c6e2c99e98d181f5a0e23c06f619d38d0e1db0d0931f4fa08734f0bed5600c47cb75e59d947e69bffd7c24b1311b4582b352ceb4943 |
C:\Users\Admin\AppData\Local\Temp\MsMq.exe
| MD5 | 60b0a91dd5e5a0084a109a2d3ca81dba |
| SHA1 | fde6e8ea064528dceda77a0c068ec7f6f2a7f04c |
| SHA256 | ce5e6844a8cb26fa4ece373df7366db1aced1521dab6ee191bf7f910cea50432 |
| SHA512 | 28a204cf79c0a3083c3845178d81464c3c4c656e0f3d361120baaddb9314533588f135a6e53cbaafb49e23fd7844360e448bb711515933b8f8624ac1ed9c2c8f |
C:\Users\Admin\AppData\Local\Temp\gskg.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\yYUw.exe
| MD5 | 0bde7ccb2df144e014b67930c81130b1 |
| SHA1 | 3a2b70a3c0d0abd1776932747366777022de0d17 |
| SHA256 | 6e0ece2efe998675d253870f79efc00339b979a63d0bee8490567572ac485172 |
| SHA512 | e2fe44179e776ff26b4d6335a8e0cdf9256ee4d54020a1a37ffb1a544a0cc5ea6f7727cab38527a449e184e0f8c324d7d22726b666b0951dbab9e2543dc70a4d |
C:\Users\Admin\AppData\Local\Temp\QEgU.exe
| MD5 | 101b5a1aa2d98bd7ce28ff1a12d4000b |
| SHA1 | 6b91bd2c7cc23c27576d909c6a07c1362d2562e8 |
| SHA256 | 6d35a55a864d2c28af879b812ed3771527fff41b7421ca669847a5fda726e7da |
| SHA512 | 52b09eb428e257d3d22fee801073c70974fe484dfb6aa747edfc83de6455b7c9519a20f8b739c840cffabd637b5b00f5d0b2723009e2556aa97142669422a891 |
C:\Users\Admin\AppData\Local\Temp\MMsE.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\qogY.exe
| MD5 | d892845a94031a52b9c613b249a258fb |
| SHA1 | 242cb06e5ad4c11d0a48361fa973063e1d085dcf |
| SHA256 | 576397c5b6a6f63941d9aa75505d19582b0ca03aa1af0b66eb80791bc4ec68d1 |
| SHA512 | bc0d2bcf75c6f6ac8bb8b25b2d0cf00bc1853144eaf01476554dc689bcd74c2106e2d9e34b71735acee42482d421c3706fe6f696fad6fa314a9616eee9d65c4c |
C:\Users\Admin\AppData\Local\Temp\ckEW.exe
| MD5 | ef666cd9fdf403e609a7a0b4ae9222f2 |
| SHA1 | efc9d345a3b6242b959d378a6dd6ee92a38ef39d |
| SHA256 | 8964bda233a2e2aa92b9f9f5e351593806b25d1bfcb691758c777c633d2b54a6 |
| SHA512 | f1f40aebd58c24ac3a6589fdfa8fd3d30d9542be1ee91072e764d42878cef5848cf9d881fa6e384c6a653f319f23e3e16c83c4b6df878ad2642d3dcc93953bb4 |
C:\Users\Admin\AppData\Local\Temp\uYck.exe
| MD5 | c55be5ab88947fa2f4824de6fd4aeda1 |
| SHA1 | 6b7c07958a213f73650bda8d39ed500e32ed6cb4 |
| SHA256 | 7316f3ba45d243de80d5dee11bcb8ee827aa7a16fdba9b7ecda2b69daa9ebaa2 |
| SHA512 | 7b23b425613a953aa4824232f1fc38ec14fb0e4097ba8e3dd33096b3f60115fe04219db559c58add0b0e5299f37616ca28162a00b4c2f53e06bcdf2c15a6511f |
C:\Users\Admin\AppData\Local\Temp\uMIQ.exe
| MD5 | c4c1c54c7254b8d162120a984adc556a |
| SHA1 | 9c2861c6ae4ae6a561cde3fd7444a35e807be6b3 |
| SHA256 | bf8e51415307d021c73093d283afd1abb4172b4aa6c35caa796f2071512e7e77 |
| SHA512 | 83a762d037d8cae498403ee45cda1ea4cdb1184e3b3ec7f795622bef703d60c1da10a4cfc6c0012a200f6d6cb41369ff2d869a4c7a5325defa4fb19f12d17a06 |
C:\Users\Admin\AppData\Local\Temp\ukgG.exe
| MD5 | 67d2a542b66cb769c5e60407c5179c09 |
| SHA1 | 75e1611fb4cb7cb4f56aa35984ebd0f20ce60b5b |
| SHA256 | 7bc2746a2c57fc6c4f4357739041118ea6551e674509f533821d8373dfde8817 |
| SHA512 | 795c6f872d4e4813da79a6ab3b4099d63b9f110cb0215a32e9651ee871eecbbef21e69cf43fa8357af432c964f26dd31291db9d6d524e77f6d8379e6bd8ee24b |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | f78f8e4c049e4c03cb5b3d49ce62dfe2 |
| SHA1 | f6bb8b50b4230f9ca8041164edf4671bf27ae680 |
| SHA256 | aa2789525e9cf94305ea8dcd731a873d27969e5c5d493dacc42fe244d61b43ed |
| SHA512 | 957911d9fd9e02a3fc39f340aade4b275112c56913c541f59602a0c05d825f4b30be6101f41167678e4dd81639deb2e5293be38e38c96dc73b76ec5fc544599f |
C:\Users\Admin\AppData\Local\Temp\WgMw.exe
| MD5 | 19e6558cf691149e519a9d67103ae2ea |
| SHA1 | ea5cf9cee871cfeeea6b8ca258e66d48c491d5da |
| SHA256 | 4d6a45d21bd61f46819b2da887f5d699bab7d6e5a4f327357fa89ba1a7755655 |
| SHA512 | fc958ad7572336e78d42a6bc78bb18ce7abfb15cf9dc41f96a5b2cd096622f26503b108e4c3c4dcbbf958e6e595a9adf3c8c1c0d004503222380a43b58af972b |